Merge branch 'master' into staging

7 files changed, 39 insertions, 121 deletions

diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index 5dd523d6fa6b..9ed56ee1ec56 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -18,11 +18,11 @@ assert scpSupport -> libssh2 != null;
 assert c-aresSupport -> c-ares != null;
 
 stdenv.mkDerivation rec {
-  name = "curl-7.51.0";
+  name = "curl-7.52.1";
 
   src = fetchurl {
     url = "http://curl.haxx.se/download/${name}.tar.bz2";
-    sha256 = "1pldg1d8606p4q83k8fcp61kfcsbphln22mycw7h7r87i42410kz";
+    sha256 = "16rqhyzlpnivifin8n7l2fr9ihay9v2nw2drsniinb6bcykqaqfi";
   };
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
@@ -42,8 +42,6 @@ stdenv.mkDerivation rec {
     optional sslSupport openssl ++
     optional scpSupport libssh2;
 
-  patches = stdenv.lib.optional http2Support ./fix-http2-window-size.patch;
-
   # for the second line see http://curl.haxx.se/mail/tracker-2014-03/0087.html
   preConfigure = ''
     sed -e 's|/usr/bin|/no-such-path|g' -i.bak configure
diff --git a/pkgs/tools/networking/curl/fix-http2-window-size.patch b/pkgs/tools/networking/curl/fix-http2-window-size.patch
deleted file mode 100644
index 6fac3e1b42ac..000000000000
--- a/pkgs/tools/networking/curl/fix-http2-window-size.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From a4d888857ede39a8e2aa5f961048c6362d3a5377 Mon Sep 17 00:00:00 2001
-From: Jay Satiro <raysatiro@yahoo.com>
-Date: Wed, 16 Nov 2016 02:55:30 -0500
-Subject: [PATCH] http2: Use huge HTTP/2 windows
-
-- Improve performance by using a huge HTTP/2 window size.
-
-Bug: https://github.com/curl/curl/issues/1102
-Reported-by: afrind@users.noreply.github.com
-Assisted-by: Tatsuhiro Tsujikawa
----
- docs/TODO   |  8 --------
- lib/http2.c | 15 +++++++++++++--
- 2 files changed, 13 insertions(+), 10 deletions(-)
-
-diff --git a/docs/TODO b/docs/TODO
-index c3bc4eb..99c610f 100644
---- a/docs/TODO
-+++ b/docs/TODO
-@@ -63,7 +63,6 @@
-  5.1 Better persistency for HTTP 1.0
-  5.2 support FF3 sqlite cookie files
-  5.3 Rearrange request header order
-- 5.4 Use huge HTTP/2 windows
-  5.5 auth= in URLs
-  5.6 Refuse "downgrade" redirects
-  5.7 Brotli compression
-@@ -528,13 +527,6 @@ This is not detailed in any FTP specification.
-  headers use a default value so only headers that need to be moved have to be
-  specified.
- 
--5.4 Use huge HTTP/2 windows
--
-- We're currently using nghttp2's default window size which is terribly small
-- (64K). This becomes a bottle neck over high bandwidth networks. We should
-- instead make the window size to be very big (512MB?) as we really don't do
-- much flow control anyway.
--
- 5.5 auth= in URLs
- 
-  Add the ability to specify the preferred authentication mechanism to use by
-diff --git a/lib/http2.c b/lib/http2.c
-index 6720984..202ab1b 100644
---- a/lib/http2.c
-+++ b/lib/http2.c
-@@ -59,6 +59,8 @@
- #define nghttp2_session_callbacks_set_error_callback(x,y)
- #endif
- 
-+#define HTTP2_HUGE_WINDOW_SIZE (1 << 30)
-+
- /*
-  * Curl_http2_init_state() is called when the easy handle is created and
-  * allows for HTTP/2 specific init of state.
-@@ -965,7 +967,7 @@ static ssize_t data_source_read_callback(nghttp2_session *session,
-  */
- static nghttp2_settings_entry settings[] = {
-   { NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 100 },
--  { NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE, NGHTTP2_INITIAL_WINDOW_SIZE },
-+  { NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE, HTTP2_HUGE_WINDOW_SIZE },
- };
- 
- #define H2_BUFSIZE 32768
-@@ -2031,7 +2033,8 @@ CURLcode Curl_http2_switched(struct connectdata *conn,
-   else {
-     /* stream ID is unknown at this point */
-     stream->stream_id = -1;
--    rv = nghttp2_submit_settings(httpc->h2, NGHTTP2_FLAG_NONE, NULL, 0);
-+    rv = nghttp2_submit_settings(httpc->h2, NGHTTP2_FLAG_NONE, settings,
-+                                 sizeof(settings) / sizeof(settings[0]));
-     if(rv != 0) {
-       failf(data, "nghttp2_submit_settings() failed: %s(%d)",
-             nghttp2_strerror(rv), rv);
-@@ -2039,6 +2042,14 @@ CURLcode Curl_http2_switched(struct connectdata *conn,
-     }
-   }
- 
-+  rv = nghttp2_session_set_local_window_size(httpc->h2, NGHTTP2_FLAG_NONE, 0,
-+                                             HTTP2_HUGE_WINDOW_SIZE);
-+  if(rv != 0) {
-+    failf(data, "nghttp2_session_set_local_window_size() failed: %s(%d)",
-+          nghttp2_strerror(rv), rv);
-+    return CURLE_HTTP2;
-+  }
-+
-   /* we are going to copy mem to httpc->inbuf.  This is required since
-      mem is part of buffer pointed by stream->mem, and callbacks
-      called by nghttp2_session_mem_recv() will write stream specific
diff --git a/pkgs/tools/networking/i2p/default.nix b/pkgs/tools/networking/i2p/default.nix
index fb2f43586946..d5b9ff665d4a 100644
--- a/pkgs/tools/networking/i2p/default.nix
+++ b/pkgs/tools/networking/i2p/default.nix
@@ -1,10 +1,10 @@
 { stdenv, procps, coreutils, fetchurl, jdk, jre, ant, gettext, which }:
 
 stdenv.mkDerivation rec {
-  name = "i2p-0.9.26";
+  name = "i2p-0.9.28";
   src = fetchurl {
     url = "https://github.com/i2p/i2p.i2p/archive/${name}.tar.gz";
-    sha256 = "0h672w69a5xzgcrls64bpss3ga9hgpnrq90dr5lb5912pwwq9pa1";
+    sha256 = "1xagyywnck2c5xalr7bc7cv5ikk4igf7avmc0n28nz9pkais1y1y";
   };
   buildInputs = [ jdk ant gettext which ];
   patches = [ ./i2p.patch ];
diff --git a/pkgs/tools/networking/i2p/i2p.patch b/pkgs/tools/networking/i2p/i2p.patch
index 2ae6446ed286..74031eb7aef7 100644
--- a/pkgs/tools/networking/i2p/i2p.patch
+++ b/pkgs/tools/networking/i2p/i2p.patch
@@ -1,6 +1,21 @@
+diff --git a/installer/resources/i2prouter b/installer/resources/i2prouter
+index 365737d89..2ea14db3e 100644
+--- a/installer/resources/i2prouter
++++ b/installer/resources/i2prouter
+@@ -49,7 +49,7 @@ APP_LONG_NAME="I2P Service"
+ 
+ # gettext - we look for it in the path
+ # fallback to echo is below, we can't set it to echo here.
+-GETTEXT=$(which gettext > /dev/null 2>&1)
++GETTEXT=%gettext%
+ 
+ # Where to install the systemd service
+ SYSTEMD_SERVICE="/etc/systemd/system/${APP_NAME}.service"
+diff --git a/installer/resources/runplain.sh b/installer/resources/runplain.sh
+index eb4995dfe..0186cede3 100644
 --- a/installer/resources/runplain.sh
 +++ b/installer/resources/runplain.sh
-@@ -21,7 +21,7 @@
+@@ -25,7 +25,7 @@ CP=
  
  # Try using the Java binary that I2P was installed with.
  # If it's not found, try looking in the system PATH.
@@ -9,10 +24,10 @@
  
  if [ -z $JAVA ] || [ ! -x $JAVA ]; then
      echo "Error: Cannot find java." >&2
-@@ -40,15 +40,4 @@
+@@ -44,15 +44,4 @@ if [ $(uname -s) = "Darwin" ]; then
      export JAVA_TOOL_OPTIONS="-Djava.awt.headless=true"
  fi
- JAVAOPTS="-Djava.net.preferIPv4Stack=${PREFERv4} -Djava.library.path=${I2P}:${I2P}/lib -Di2p.dir.base=${I2P} -DloggerFilenameOverride=logs/log-router-@.txt"
+ JAVAOPTS="${MAXMEMOPT} -Djava.net.preferIPv4Stack=${PREFERv4} -Djava.library.path=${I2P}:${I2P}/lib -Di2p.dir.base=${I2P} -DloggerFilenameOverride=logs/log-router-@.txt"
 -(
 -    nohup ${JAVA} -cp \"${CP}\" ${JAVAOPTS} net.i2p.router.RouterLaunch > /dev/null 2>&1
 -) &
@@ -25,15 +40,4 @@
 -    echo "I2P failed to start." >&2
 -    exit 1
 -fi
-+${JAVA} -cp \"${CP}\" ${JAVAOPTS} net.i2p.router.RouterLaunch
---- a/installer/resources/i2prouter
-+++ b/installer/resources/i2prouter
-@@ -49,7 +49,7 @@
- 
- # gettext - we look for it in the path
- # fallback to echo is below, we can't set it to echo here.
--GETTEXT=$(which gettext > /dev/null 2>&1)
-+GETTEXT=%gettext%
- 
- # Where to install the systemd service
- SYSTEMD_SERVICE="/etc/systemd/system/${APP_NAME}.service"
++exec ${JAVA} -cp \"${CP}\" ${JAVAOPTS} net.i2p.router.RouterLaunch
diff --git a/pkgs/tools/networking/openvpn/default.nix b/pkgs/tools/networking/openvpn/default.nix
index 13e1c68befda..f609c90ad504 100644
--- a/pkgs/tools/networking/openvpn/default.nix
+++ b/pkgs/tools/networking/openvpn/default.nix
@@ -7,11 +7,12 @@ assert pkcs11Support -> (pkcs11helper != null);
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  name = "openvpn-2.3.12";
+  name = "openvpn-${version}";
+  version = "2.4.0";
 
   src = fetchurl {
-    url = "http://swupdate.openvpn.net/community/releases/${name}.tar.gz";
-    sha256 = "1zqwq19xg6yf90nv35yr8r0ljas5f42v4n9hjjmhlnzpan69plzm";
+    url = "http://swupdate.openvpn.net/community/releases/${name}.tar.xz";
+    sha256 = "0zpqnbhjaifdalyxwmvk5kcyd7cpxbcigbn7967nbsyvl54vl8vg";
   };
 
   patches = optional stdenv.isLinux ./systemd-notify.patch;
@@ -39,8 +40,10 @@ stdenv.mkDerivation rec {
   meta = {
     description = "A robust and highly flexible tunneling application";
     homepage = http://openvpn.net/;
+    downloadPage = "https://openvpn.net/index.php/open-source/downloads.html";
     license = stdenv.lib.licenses.gpl2;
     maintainers = [ stdenv.lib.maintainers.viric ];
     platforms = stdenv.lib.platforms.unix;
+    updateWalker = true;
   };
 }
diff --git a/pkgs/tools/networking/openvpn/systemd-notify.patch b/pkgs/tools/networking/openvpn/systemd-notify.patch
index 9291f7a46642..c0ac8ae89d3c 100644
--- a/pkgs/tools/networking/openvpn/systemd-notify.patch
+++ b/pkgs/tools/networking/openvpn/systemd-notify.patch
@@ -10,13 +10,13 @@ diff -ru -x '*~' openvpn-2.3.1-orig/src/openvpn/init.c openvpn-2.3.1/src/openvpn
  static struct context *static_context; /* GLOBAL */
  
  /*
-@@ -1241,6 +1243,9 @@
- {
-   static const char message[] = "Initialization Sequence Completed";
+@@ -1375,6 +1375,9 @@
+     /* Reset the unsuccessful connection counter on complete initialisation */
+     c->options.unsuccessful_attempts = 0;
  
-+  /* Tell systemd we're ready. */
-+  sd_notify(0, "READY=1");
++    /* Tell systemd we're ready. */
++    sd_notify(0, "READY=1");
 +
-   /* If we delayed UID/GID downgrade or chroot, do it now */
-   do_uid_gid_chroot (c, true);
+     /* If we delayed UID/GID downgrade or chroot, do it now */
+     do_uid_gid_chroot (c, true);
  
diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix
index 1791abf4a48b..7bcbb4fddb6b 100644
--- a/pkgs/tools/networking/strongswan/default.nix
+++ b/pkgs/tools/networking/strongswan/default.nix
@@ -37,8 +37,9 @@ stdenv.mkDerivation rec {
       "--enable-eap-mschapv2" "--enable-xauth-eap" "--enable-ext-auth"
       "--enable-forecast" "--enable-connmark" "--enable-acert"
       "--enable-pkcs11" "--enable-eap-sim-pcsc" "--enable-dnscert" "--enable-unbound"
-      "--enable-aesni" "--enable-af-alg" "--enable-rdrand" ]
-    ++ stdenv.lib.optional (stdenv.system == "i686-linux") "--enable-padlock" 
+      "--enable-af-alg" ]
+    ++ stdenv.lib.optional stdenv.isx86_64 [ "--enable-aesni" "--enable-rdrand" ]
+    ++ stdenv.lib.optional (stdenv.system == "i686-linux") "--enable-padlock"
     ++ stdenv.lib.optionals enableTNC [
          "--disable-gmp" "--disable-aes" "--disable-md5" "--disable-sha1" "--disable-sha2" "--disable-fips-prf"
          "--enable-curl" "--enable-openssl"