When zone id is explicitly provided, there is no need for the API token to have read permission. Inspired by acme.sh's cloudflare logic.
Signed-off-by: Glen Huang <heyhgl@gmail.com>
This adds a patch from Open embedded to fix compilation with glibc 2.34.
This patch was taken from here:
https://github.com/openembedded/meta-openembedded/blob/master/meta-networking/recipes-daemons/postfix/files/0007-correct-signature-of-closefrom-API.patch
It fixes the following build problem:
/builder/shared-workdir/build/sdk/staging_dir/toolchain-arc_arc700_gcc-11.2.0_glibc/include/unistd.h:366:13: error: conflicting types for 'closefrom'; have 'void(int)'
366 | extern void closefrom (int __lowfd) __THROW;
| ^~~~~~~~~
In file included from attr_clnt.c:87:
./sys_defs.h:1511:12: note: previous declaration of 'closefrom' with type 'int(int)'
1511 | extern int closefrom(int);
| ^~~~~~~~~
make: *** [Makefile:192: attr_clnt.o] Error 1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- [Bug]: Enhanced log output when connecting to servers that do not
support server-sig-algs extensions, making the new-as-of-2.9
defaulting to SHA2 pubkey algorithms more obvious when it kicks in.
- [Bug]: Connecting to servers which support server-sig-algs but
which have no overlap between that list and what a Paramiko client
supports, now raise an exception instead of defaulting to
rsa-sha2-512 (since the use of server-sig-algs allows us to know
what the server supports).
Signed-off-by: Javier Marcet <javier@marcet.info>
What's Changed
- compose images should list images of created containers by @kiniou
- Ignore missing (swarm) overlay networks by @ndeloof
- Remove intermediate containers when build succeeded in classic
build by @notok
- compose ps: fix typo "unknow" -> "unknown" by @webignition
- Add 2 modes test mechanism by @ulyssessouza
- Handle "stop" event by @ndeloof
- Only kill running containers by @ulyssessouza
- compose cp doesn't need a full project and can copy from stopped
containers by @ndeloof
- Add dependabot by @ulyssessouza
- Do not try to guess when to allocate a TTY and keep it as default
by @ulyssessouza
- Bump github.com/golang/mock from 1.5.0 to 1.6.0 by @dependabot
- Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 by @dependabot
- Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1 by
@dependabot
- Bump github.com/buger/goterm from 1.0.0 to 1.0.3 by @dependabot
- Propagate GroupAdd from ServiceConfig to HostConfig by
@lancechentw
- Bump github.com/containerd/console from 1.0.2 to 1.0.3 by
@dependabot
- Bump github.com/AlecAivazis/survey/v2 from 2.2.3 to 2.3.2 by
@dependabot
- Added volume bind option SELinux label :z :Z by @tymonx
- Downgrade goterm to 1.0.1 by @ulyssessouza
Signed-off-by: Javier Marcet <javier@marcet.info>
1. updated to 24.2 (RN: https://github.com/erlang/otp/releases/tag/OTP-24.2)
2. added libstdcpp dependency
3. erlang-hipe was removed in upstream
(ref fccb8482ef)
everything related to erlang-hipe was removed from Makefile
4. updated and refreshed patches
5. host-compile ssl library forced to OpenWrt LibreSSL to avoid using system library
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Update crowdsec-firewall-bouncer to latest upstream release version 0.0.21
Makefile rework
- use tagged version for download
Fixes
- set API_KEY in firewall bouncer config file
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
backport of upstream commit
3c66c1fec7
Original author: Nikhil Benesch <nikhil.benesch@gmail.com>
Remove unnecessary flag in macOS build
The configuration logic for adding the `-search_paths_first` linker
flag on Darwin does not correctly handle cross compilation. It should
check the value of $krb5_cv_host rather than `uname -s` to detect when
the compilation target is Darwin, rather than the build machine.
It turns out `-search_paths_first` has been the default behavior of ld
on macOS since XCode 4. So just remove that bit of logic entirely.
(The flag was added in commit acd27af0e8
in 2004; XCode 4 was released in 2010.)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
With procd-ujail enabled, it is not possible to use HTTPS URLs, for
example when either for downloading torrent files or blocklists. The
followig example occurs when downloading a URL from the "Upload Torrent
Files" dialogue box:
Error adding
"https://releases.ubuntu.com/21.10/ubuntu-21.10-desktop-amd64.iso.torrent":
gotMetadataFromURL: http error 0: No Response
syslog will also hint that no CA_BUNDLE is being used:
transmission-daemon[6683]: [2021-12-30 20:01:30.990] web will verify
tracker certs using envvar CURL_CA_BUNDLE: none (web.c:455)
This patch rectifies this issue by adding a ca_bundle configurable,
enabled by default. This explicitly fixes the ca_bundle file location
to /etc/ssl/certs/ca-certificates.crt and adds this file to the procd
jail. On subsequent testing, HTTPS URL download functionality is
restored.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
The delete variable was misspelled leading to devices always being
removed although they had connected neighbors.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Update crowdsec to latest upstream release version 1.2.2
Makefile rework
- use tagged version for download
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Issue: 2to3 support has been removed in setuptools since version 58.0.0.
Fix: openwrt/packages#17311
Requirements: 2to3/host openwrt/packages#17429
Add upstream patch: 196c55e931
To install/build for python3 from source, it is necessary to convert to py3
codebase before setup (invoke 2to3 or ./fail2ban-2to3 firstly).
> ./fail2ban-2to3
> python3 setup.py build
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
lua-curl-v3 detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux, OS detection is disabled via UNAME=Linux
as a part of MAKE_FLAGS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
NTRU support has been removed in wolfssl 5.0 so it is required to
mask NTRU specific code if wolfssl >= 5.0
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
NTRU support has been removed in wolfssl 5.0 so it is required to
mask NTRU specific code if wolfssl >= 5.0
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>