Currently, we called `/usr/libexec/login.sh` as login command, but unfortunately the auth
is disabled by default in it[1], and this is really serious as it could be a free "backdoor"
for any spoiler who has conntectd to the router via LAN or wireless.
In my option, it shouldn't be exposed to anyone without auth, so I set the default login
command to `/bin/login`. And for those who really want that, they can do it themselves.
1. `login.sh` adjusts whether use authentication or not from system config named ttylogin,
which is set to disabled by default. See package/base-files/files/bin/config_generate#L243.
Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>
3dc6c0af Bump version number to 1.43.0
e8762781 Update AUTHORS
2bf841e2 workflow: Build with UBSAN enabled
7ebab98e Merge pull request #1548 from nghttp2/py3-bindings
23fc6cc9 Bump Linux runner OS to ubuntu 20.04
2e35cdea Update doc
22af8e78 Require python3 for python bindings
c88e9100 Update ax_python_devel.m4
43ba3125 Merge pull request #1547 from nghttp2/sphinx-v3.3
3c17299a Update enum references
a7ecff65 Make doc generation work with sphinx v3.3
79a4f789 Merge pull request #1546 from nghttp2/py3-scripts
28ba0b37 Update document reference
6b7ade9f Require python3 for python scripts
46536729 Bump clang-format to 10
563c1173 Merge pull request #1544 from nghttp2/nghttpx-clear-mcpool
1c04ca80 Merge pull request #1540 from tavrez/patch-1
d32e20bc nghttpx: Make sure that Pool gets cleared when all buffers are returned
8b8ba6b0 Merge pull request #1542 from nghttp2/nghttpx-check-sigalg
81fb0153 nghttpx: Choose ECDSA cert if compatible signature algorithm available
d8c71d5f Added new nghttp2_ksl.c to Windows makefile
fb5b5aef Merge pull request #1537 from nghttp2/nghttpx-allow-colon-in-pattern
6787423e nghttpx: Add workaround to include ':' in backend pattern
ffcdf5df Merge pull request #1533 from LorenzNickel/patch-1
0cdb1738 Fix typo in security.rst
c9d5472f Bump version number to 1.43.0-DEV
15bd71ed Update manual pages
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* add 'ban_extrasources' to handle banIP-unrelated sets for reporting
and queries
* add set timeouts for local sources (maclist, whitelist, blacklist)
Signed-off-by: Dirk Brenken <dev@brenken.org>
This tool can be used to automatically create wireguard tunnels. Using
rpcd a new wireguard interface is created on the server where the client
can connect to.
Wiregurad server automatically installs a user and associated ACL to use
the wireguard-installer-server features. The user is called wginstaller
and so is the password.
Get Usage:
wg-client-installer get_usage --ip 127.0.0.1 --user wginstaller
--password wginstaller
Register Interface:
wg-client-installer register --ip 127.0.0.1 --user wginstaller
--password wginstaller --bandwidth 10 --mtu 1400
Signed-off-by: Nick Hainke <vincent@systemli.org>
Allows targets such as prepare, refresh, or update to be run without
building dependencies for easier patch maintenance.
This is d741a64b7 applied to php8.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The build process uses a minilua helper for code generation
which must not be compiled with target cross-compiler but
the host compiler.
This error was spotted by buildbots:
ext/opcache/minilua /builder/shared-workdir/build/sdk/build_dir/
target-x86_64_musl/php-8.0.1/ext/opcache/jit/dynasm/dynasm.lua
-D X64=1 -o ext/opcache/jit/zend_jit_x86.c /builder/shared-workdir
/build/sdk/build_dir/target-x86_64_musl/php-8.0.1/ext/opcache/jit/zend_jit_x86.dasc
/bin/bash: ext/opcache/minilua: No such file or directory
Makefile:406: recipe for target 'ext/opcache/jit/zend_jit_x86.c' failed
make[4]: *** [ext/opcache/jit/zend_jit_x86.c] Error 127
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Not including an A record mapping will cause nsupdate to balk at
CNAME and MX records (and probably SRV as well) because the target
will be unknown at the time of parsing, until the lease gets
activated.
We need these RR's to be in place well before the servers even
come up.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* major rewrite
* add support for multiple chains
* add mac whitelisting
* add support for multiple ssh daemons in parallel
* add an ipset report engine
* add mail notifications
* add suspend/resume functions
* add a cron wrapper to set an ipset related auto-timer for
automatic blocklist updates
* add a list wrapper to add/remove blocklist sources
* add 19.x and Turris OS 5.x compatibility code
* sources stored in an external compressed json file
(/etc/banip/banip.sources.gz)
* change Country/ASN download sources (faster/more reliable)
* fix DHCPv6/icmpv6 issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add "ipstatistics"-plugin. This plugin parses "/proc/net/netstat" and
"/proc/net/snmp6" to get the overall ipv4 and ipv6 usage.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Allows targets such as prepare, refresh, or update to be run without
building dependencies for easier patch maintenance.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Allows targets such as prepare, refresh, or update to be run without
building dependencies for easier patch maintenance.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Allows targets such as prepare, refresh, or update to be run without
building dependencies for easier patch maintenance.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Fix starting problem:
Starting function should be named 'start_service' instead of 'start_instance'.
Fix reloading problem:
Register reload tigger for uci config itself.
And, xray does not support reload currently, so use legacy restart as reload.
Fixes: 6c9b96352f ("xray-core: add init script")
Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>
Major changes are:
add "vfs objects = acl_xattr" parameter in configuration.
fix wrong group domain name in lsarpc response.
set to SID_TYPE_UNKNOWN if there is no domain sid in server.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Jeffery To