Subject: CVS commit: pkgsrc/net/aria2
From: Ryo ONODERA
Date: 2014-12-31 02:38:11
Message id: 20141231013811.204D198@cvs.netbsd.org

Log Message:
Update to 1.18.8

Changelog:
aria2 1.18.8
============

Release Note
------------

This releases fixes the bug that aria2 cannot read piped stdin on
mingw32.  It also fixes busy loop on mingw32 when SSL/TLS is used.  We
also fixed 2 crashes which can occur on all platforms.

Changes
-------

* WinTLS: Fix abrupt connection closing and closing in general.

  Fixes GH-277

* LibsslTLSSession: Treat 0 from readData as EOF

* Enable dynamicbase and nxcompat in Windows binaries

* Fix crash in OpenedFileCounter::ensureMaxOpenFileLimit()

  The crash happens if PieceStorage and/or DiskAdaptor are not
  initialized in one of active RequestGroups.

* mingw32: Fix bug that aria2 does not read piped stdin

* Fix std::length_error when no_proxy is used

  This is regression introduced in 8cada497.

* Try to set sane limits for RLIMIT_NO_FILE

  E.g. on OSX the default is 256, which isn't exactly compatible with
  torrent downloads.

  Closes GH-257

* Delay auth failures instead of PBKDF2

  Closes GH-256

aria2 1.18.7
============

Release Note
------------

This release fixes regression which makes 100% CPU utilization in
multi-file torrent download with -V option.  It also fixes build error
on big endian platforms.

Changes
-------

* Fixed segfault unsupported encodings

  Patch from diadistis

* Fix regression 100% CPU utility when -V is used and download is
  multi-file bittorrent downloads.

  This is regression of a3426821c8a7f9cf8d80a81726157d4eb844f661

* Fix compile error on big endian platform

aria2 1.18.6
============

Release Note
------------

This release fixes several bugs reported in github issues and adds a
feature to make RPC authentication more resilient to certain attacks.
New option --pause-metadata is added.  The explanation is a bit log,
so check the changelog and manual.  The session is now only saved if
there are changes from the last saved state.

From this release, MinGW32 build uses Windows native TLS
implementation and no longer use OpenSSL library.

Changes
-------

* Disard cache when checking checksum

  This will slow down checksum checking but does not thrash cache.

* Compat with libuv 0.11 (Unstable)

  Fixes #241

* Drop WinMessageDigestImpl.

  The algorithms the `CryptProv` on Windows supports does not
  currently include SHA-224, so there is a "dark spot" in this
  implementation. Also on Win XP < SP3, most of the SHA-2 family is
  not actually supported.  All other implementation provide support
  for MD5, SHA-1 and all of the SHA-2 family, hence drop the
  incomplete WinMessageDigest implementation in favor of any other
  supported implementation (at least the internal implementation is
  always available at compile-time).

* Add --pause-metadata option

  This option pauses downloads created as a result of metadata
  download. There are 3 types of metadata downloads in aria2: (1)
  downloading .torrent file. (2) downloading torrent metadata using
  magnet link. (3) downloading metalink file.  These metadata
  downloads will generate downloads using their metadata. This option
  pauses these subsequent downloads.

* Improve compiler/platform/libs information in logs

  Add and use usedCompilerAndPlatform().  This adds compiler
  information to INFO logs and the --version output, and may be
  helpful when trying to diagnose/reproduce user-reported problems.

  Also make INFO logs include usedLibs() output.

  Closes #235

* Fix use-after-free on exit with multi-file torrent download + DHT

  DefaultPieceStorage may be referenced by one of DHT task (e.g.,
  DHTPeerLookupTask), after RequestGroup was deleted, and even after
  RequestGroupMan was deleted.  DefaultPieceStorage has a reference to
  MultiDiskAdaptor which calls RequestGroupMan object on destruction.
  So when DHT task is destroyed, DefaultPieceStorage is destroyed,
  which in turn destroys MultiDiskAdaptor.  DHT task is destroyed
  after RequestGroupMan was destroyed, MultiDiskAdaptor will use now
  freed RequestGroupMan object, this is use-after-free.

* Fix bug that zero length file is not opened when flushing cache

  This bug was only seen when MultiDiskAdaptor was used.

* Support PREF_DIR change for Metalink files

  Reworked previous commit adeead6f0396e2f8551d1182972e277728fd6c8b,
  and now support changing PREF_DIR for Metalink downloads.

* Fix assertion failure when dir option of paused HTTP/FTP download is
  changed

  When the directory is changed via aria2.changeOption RPC method, we
  directly change first FileEntry's path using FileEntry::setPath().
  If there is no PREF_OUT option is given, basically file name is
  unknown, so we just set empty string and let the next run determine
  the correct file name and new directory is applied there.  But
  previous code does not reset length property of FileEntry, so the
  unexpected code path is taken when unpaused and its path expects
  path is not empty string.  This commit fixes this issue by setting
  length to 0 using FileEntry::setLength().

* Save session only when there is change since the last serialization

  This is a slight optimization not to cause useless disk access.
  This only applies to saving session automatically (see
  --save-session-interval).  aria2.saveSession and serialization at
  the end of the session are always performed as before.

  When serialization, we first check that whether there is any change
  since the last serialization.  To do this, we first calculate hash
  value of serialized content without writing into file.  Then compare
  this value to the value of last serialization.  If they do not
  match, perform serialization.

* Fix (unknown length) downloads larger than 2GiB

  Closes #215

* Fix F_PREALLOC based allocation on some OSX versions

* Use index.html as filename for conditional-get when file is missing
  in URI

  Previously we disabled conditional-get if file part is missing in
  URI.  But we use constant string "index.html" in this case, so we
  can do the same to determine the modification time.  In this patch,
  if we have file part in URI, we are not going to set absolute file
  path in FileEntry, since it prevents content-disposition from
  working.

* Always add README.html to dist_doc_DATA

  rst2html is required to produce README.html from README.rst.  We
  include generated README.html to distribution.  And rst2html is not
  required when compiling sources in distribution and always
  README.html is available.

* Validate token using PBKDF2-HMAC-SHA1.

  This change should make token validation more resilient to:
  - timing attacks (constant time array compare)
  - brute-force/dictionary attacks (PBKDF2)

  Closes #220

* Add --disable-websocket configure option

* mingw32: Enable wintls and compile with GMP

  By enabling wintls, we can use Windows certificate store to validate
  server's certificate.  Previously, we built windows build using
  openssl and since we don't bundle CA certificates, aria2 fails to
  validate server's certificate unless user setups their CA
  certificates.  GMP provides fast big integer calculations, whic is
  used in BitTorrent encryption.

* AppleTLS: Enable BEAST mitigations in ST

  Only available in 10.9+, but since we might be building on a
  previous version but running on 10.9+, always try to set the option.

* WinTLS: Accept chains with no revocation information.

  This is kind what browser do anyway (IE, Firefox, Chrome tested),
  what AppleTLS does, what GnuTLS does and what OpenSSL
  does. Actually, most browsers will also be OK with the CRL/OCSP
  provider being offline.  WinTLS will still fail in that case.

  Should revocation information be available in the trust chain (CRL
  or OCSP) the certificate still will be checked!

  "Real" CAs, aka. those provided by the OS or system CA bundle,
  usually provide revocation information and are thus still checked.
  It should be mostly (only?) custom (organization) CAs that lack
  revocation information, but those users might want to use aria2 in
  their intranets and VPNs anyway ;)

  See #217

* Fix GnuTLS 2.x compatiblity

  Closes GH-216

* AppleTLS: Use newer, non-deprecated API in 10.8+

aria2 1.18.5
============

Release Note
------------

This release fixes BitTorrent download failure on Mingw build.

Changes
-------

* Ignore error when setting DSCP value

  Setting DSCP is additional feature and failure to enable it should
  not abort download entirely.  This change fixes the bug that windows
  build does not perform bittorrent downloads.

Files:
RevisionActionfile
1.54modifypkgsrc/net/aria2/Makefile
1.19modifypkgsrc/net/aria2/PLIST
1.36modifypkgsrc/net/aria2/distinfo