Merge branch 'master' of github.com:webmin/webmin

bind8/conf_zonedef.cgi

@@ -92,7 +92,7 @@ if (&supports_dnssec()) {
 
 	# Default algorithm
 	print &ui_table_row($text{'zonedef_alg'},
-		&ui_select("alg", $config{'tmpl_dnssecalg'} || "RSASHA1",
+		&ui_select("alg", $config{'tmpl_dnssecalg'} || "RSASHA256",
 			   [ &list_dnssec_algorithms() ]), 3);
 
 	# Default size

mailboxes/boxes-lib.pl

@@ -2087,10 +2087,20 @@ foreach $f (@files) {
 		$i++;
 		next;
 		}
+	local $idx = $i++;
 	local $mail = &read_mail_file($f, $_[3]);
-	$mail->{'idx'} = $i++;
-	$mail->{'id'} = $f;	# ID is relative path, like cur/4535534
-	$mail->{'id'} = substr($mail->{'id'}, length($_[0])+1);
+	if (!$mail && !$_[4]) {
+		# The cached Maildir file list can be stale if another client
+		# deleted or moved a message. Re-read it once before returning
+		# blank entries to the caller.
+		&flush_maildir_cachefile($_[0]);
+		return &list_maildir($_[0], $_[1], $_[2], $_[3], 1);
+		}
+	if ($mail) {
+		$mail->{'idx'} = $idx;
+		$mail->{'id'} = $f;	# ID is relative path, like cur/4535534
+		$mail->{'id'} = substr($mail->{'id'}, length($_[0])+1);
+		}
 	push(@rv, $mail);
 	}
 return @rv;
@@ -2110,9 +2120,11 @@ return map { substr($_, length($file)+1) } &get_maildir_files($file);
 sub select_maildir
 {
 local ($file, $ids, $headersonly) = @_;
+local $retried = $_[3];
 &mark_read_maildir($file);
 local @files = &get_maildir_files($file);
 local @rv;
+local $missing;
 foreach my $i (@$ids) {
 	local $path = "$file/$i";
 	local $mail = &read_mail_file($path, $headersonly);
@@ -2139,8 +2151,15 @@ foreach my $i (@$ids) {
 		# Get index in directory
 		$mail->{'idx'} = &indexof($path, @files);
 		}
+	else {
+		$missing = 1;
+		}
 	push(@rv, $mail);
 	}
+if ($missing && !$retried) {
+	&flush_maildir_cachefile($file);
+	return &select_maildir($file, $ids, $headersonly, 1);
+	}
 return @rv;
 }
 
@@ -2167,7 +2186,7 @@ else {
 	# Check the on-disk cache file
 	local $cachefile = &get_maildir_cachefile($_[0]);
 	local @cst = $cachefile ? stat($cachefile) : ( );
-	if ($cst[9] >= $newest) {
+	if ($cst[9] > $newest) {
 		# Can read the cache
 		open(CACHE, "<", $cachefile);
 		while(<CACHE>) {
@@ -2188,6 +2207,32 @@ else {
 					# Flagged as deleted by IMAP .. skip
 					next;
 					}
+				# Skip entries that cannot be read as messages.
+				local $path = "$_[0]/$d/$f";
+				local @fst = stat($path);
+				if (!@fst) {
+					&error_stderr("Skipping Maildir file ".
+						      "$path : stat failed : ".
+						      "$!");
+					next;
+					}
+				if (!$fst[7]) {
+					&error_stderr("Skipping Maildir file ".
+						      "$path : file is zero ".
+						      "bytes");
+					next;
+					}
+				if (!-r _) {
+					my $m = sprintf("%04o",$fst[2] & 07777);
+					my $o = getpwuid($fst[4]) || $fst[4];
+					my $g = getgrgid($fst[5]) || $fst[5];
+					&error_stderr("Skipping Maildir file ".
+						      "$path : not readable by".
+						      " current user, owner=".
+						      "$o($fst[4]):$g($fst[5])".
+						      " mode=$m");
+					next;
+					}
 				push(@shorts, "$d/$f")
 				}
 			closedir(DIR);
@@ -2661,11 +2706,13 @@ sub read_mail_file
 my ($file, $headersonly) = @_;
 
 # Open and read the mail file
+local @st = stat($file);
+return undef if (@st && !$st[7]);
 &open_as_mail_user(MAIL, $file) || return undef;
 my $mail = &read_mail_fh(MAIL, 0, $headersonly);
-$mail->{'file'} = $file;
 close(MAIL);
-local @st = stat($file);
+
+$mail->{'file'} = $file;
 $mail->{'size'} = $st[7];
 $mail->{'time'} = $st[9];
 $mail->{'ctime'} = $st[10];

mailboxes/folders-lib.pl

@@ -174,6 +174,7 @@ elsif ($_[2]->{'type'} == 4) {
 	local $count = $rv[2];
 	return () if (!$count);
 	$_[2]->{'lastchange'} = $rv[3] if ($rv[3]);
+	$_[2]->{'mailcount'} = $count;
 
 	# Work out what range we want
 	local ($start, $end) = &compute_start_end($_[0], $_[1], $count);
@@ -458,6 +459,7 @@ elsif ($folder->{'type'} == 4) {
 		}
 	local $h = $irv[1];
 	local $count = $irv[2];
+	$folder->{'mailcount'} = $count;
 	return () if (!$count);
         $folder->{'lastchange'} = $irv[3] if ($irv[3]);
 
@@ -637,8 +639,9 @@ elsif ($folder->{'type'} == 4) {
 		}
 	local $h = $rv[1];
 	local $count = $rv[2];
+	$folder->{'mailcount'} = $count;
 	return () if (!$count);
-        $folder->{'lastchange'} = $irv[3] if ($irv[3]);
+        $folder->{'lastchange'} = $rv[3] if ($rv[3]);
 
 	@rv = &imap_command($h, "FETCH 1:$count UID");
 	foreach my $uid (@{$rv[1]}) {
@@ -708,6 +711,8 @@ else {
 sub mailbox_list_mails_sorted
 {
 local ($start, $end, $folder, $headersonly, $error, $field, $dir) = @_;
+local ($requested_start, $requested_end) = ($start, $end);
+local $retried = $_[7];
 print DEBUG "mailbox_list_mails_sorted from $start to $end\n";
 if (!$field) {
 	# Default to current ordering
@@ -738,11 +743,25 @@ local @rv = map { undef } (0 .. scalar(@sorter)-1);
 local @wantids = map { $sorter[$_] } ($start .. $end);
 print DEBUG "wantids = ",scalar(@wantids),"\n";
 local @mails = &mailbox_select_mails($folder, \@wantids, $headersonly);
+local @missing;
 for(my $i=0; $i<@mails; $i++) {
+	if (!$mails[$i]) {
+		push(@missing, $wantids[$i]);
+		next;
+		}
 	$rv[$start+$i] = $mails[$i];
 	print DEBUG "setting $start+$i to ",$mails[$i]," id ",$wantids[$i],"\n";
 	$mails[$i]->{'sortidx'} = $start+$i;
 	}
+if (@missing && !$retried) {
+	# A sorted IMAP list can contain UIDs for messages that were
+	# expunged or moved by another client. Force one rebuild so stale
+	# entries don't render as blank 1969/no-subject rows.
+	&force_new_index_recheck($folder);
+	return &mailbox_list_mails_sorted($requested_start, $requested_end,
+					  $folder, $headersonly, $error,
+					  $field, $dir, 1);
+	}
 print DEBUG "rv = ",scalar(@rv),"\n";
 return @rv;
 }
@@ -808,7 +827,9 @@ local $ifile = &folder_new_sort_index_file($folder);
 &open_dbm_db($index, $ifile, 0600);
 print DEBUG "indexchange=$index->{'lastchange'} folderchange=$folder->{'lastchange'}\n";
 if ($index->{'lastchange'} != $folder->{'lastchange'} ||
-    !$folder->{'lastchange'}) {
+    !$folder->{'lastchange'} ||
+    (defined($folder->{'mailcount'}) &&
+     $index->{'mailcount'} != $folder->{'mailcount'})) {
 	# The mail file has changed .. get IDs and update the index with any
 	# that are missing
 	local @ids = &mailbox_idlist($folder);
@@ -823,6 +844,7 @@ if ($index->{'lastchange'} != $folder->{'lastchange'} ||
 	local @mails = scalar(@newids) ?
 			&mailbox_select_mails($folder, \@newids, 1) : ( );
 	foreach my $mail (@mails) {
+		next if (!$mail || !defined($mail->{'id'}));
 		foreach my $f (@index_fields) {
 			if ($f eq "date") {
 				# Convert date to Unix time

mailboxes/mailboxes-lib.pl

@@ -1209,6 +1209,7 @@ print &ui_columns_start(\@hcols, 100, 0, \@tds);
 # Show rows for actual mail messages
 my $i = 0;
 foreach my $mail (@mail) {
+	next if (!$mail);
 	local $idx = $mail->{'idx'};
 	local $cols = 0;
 	local @cols;

net/net-detect.pl

@@ -0,0 +1,32 @@
+# net-detect.pl
+# Helper functions for choosing the network config backend
+
+sub net_has_network_manager_config
+{
+my ($dir) = @_;
+$dir ||= "/etc/NetworkManager/system-connections";
+my @files = glob("$dir/*.nmconnection");
+return -d $dir && scalar(@files);
+}
+
+sub net_has_netplan_config
+{
+my ($dir) = @_;
+$dir ||= "/etc/netplan";
+return &has_command("netplan") &&
+       -d $dir;
+}
+
+sub net_auto_backend
+{
+my ($os_type, $netplan_dir, $nm_conn_dir) = @_;
+return "netplan"
+	if ($os_type eq "debian-linux" &&
+	    &net_has_netplan_config($netplan_dir));
+return "nm"
+	if (($os_type eq "redhat-linux" || $os_type eq "debian-linux") &&
+	    &net_has_network_manager_config($nm_conn_dir));
+return undef;
+}
+
+1;

net/net-lib.pl

@@ -6,6 +6,9 @@ use WebminCore;
 &init_config();
 %access = &get_module_acl();
 $access{'ipnodes'} = $access{'hosts'};
+do "net-detect.pl";
+
+$auto_net_mode = &net_auto_backend($gconfig{'os_type'});
 
 if (-r "$module_root_directory/$gconfig{'os_type'}-$gconfig{'os_version'}-lib.pl") {
 	do "$gconfig{'os_type'}-$gconfig{'os_version'}-lib.pl";
@@ -23,20 +26,16 @@ elsif ($gconfig{'os_type'} eq 'slackware-linux' &&
 	do "$gconfig{'os_type'}-9.1-ALL-lib.pl";
 	$net_mode = $gconfig{'os_type'}."/9.1";
 	}
-elsif ($gconfig{'os_type'} eq 'redhat-linux' &&
-       -d "/etc/NetworkManager/system-connections" &&
-       glob("/etc/NetworkManager/system-connections/*.nmconnection")) {
-	# Special case for systems with network manager
-	do 'nm-lib.pl';
-	$net_mode = "nm";
-	}
-elsif ($gconfig{'os_type'} eq 'debian-linux' && 
-       &has_command("netplan") &&
-       -d "/etc/netplan") {
+elsif ($auto_net_mode eq "netplan") {
 	# Special case for newer Ubuntu versions
 	do "netplan-lib.pl";
 	$net_mode = "netplan";
 	}
+elsif ($auto_net_mode eq "nm") {
+	# Special case for systems with network manager
+	do 'nm-lib.pl';
+	$net_mode = "nm";
+	}
 else {
 	do "$gconfig{'os_type'}-lib.pl";
 	$net_mode = $gconfig{'os_type'};

net/nm-lib.pl

@@ -231,7 +231,7 @@ my $method6 = $iface->{'auto6'} ? "auto" :
 # Update nameservers
 my @ns = $iface->{'nameserver'} ? @{$iface->{'nameserver'}} : ();
 my @ns4 = grep { &check_ipaddress($_) } @ns;
-my @ns6 = grep { &check_ip6address($ns6) } @ns;
+my @ns6 = grep { &check_ip6address($_) } @ns;
 &save_nm_config($cfg, "ipv4", "dns", @ns4 ? join(" ", @ns4) : undef) if (@ns4);
 &save_nm_config($cfg, "ipv6", "dns", @ns6 ? join(" ", @ns6) : undef) if (@ns6);
 my @sr = $iface->{'search'} ? @{$iface->{'search'}} : ();

net/t/run-tests.t

@@ -4,6 +4,7 @@ use warnings;
 use Test::More;
 use Cwd qw(abs_path);
 use File::Basename qw(dirname);
+use File::Path qw(make_path);
 use File::Temp qw(tempdir);
 
 my $root = abs_path(dirname(__FILE__)."/../..") or die "rootdir: $!";
@@ -58,6 +59,7 @@ close($fh) || die "close $file: $!";
 sub lock_file { return 1; }
 sub unlock_file { return 1; }
 sub error { die join("", @_), "\n"; }
+sub unflush_file_lines { delete($file_cache{$_[0]}); }
 sub has_command { return $_[0] eq "netplan" ? "/usr/sbin/netplan" : undef; }
 sub execute_command_logged
 {
@@ -68,6 +70,13 @@ $$stdout = $out if (ref($stdout));
 $$stderr = $out if (ref($stderr) && $stderr ne $stdout);
 return $command_status{$cmd} || 0;
 }
+sub backquote_logged
+{
+my ($cmd) = @_;
+push(@commands, $cmd);
+$? = $command_status{$cmd} || 0;
+return $command_output{$cmd} || "";
+}
 sub check_ipaddress { return $_[0] =~ /^\d+\.\d+\.\d+\.\d+$/; }
 sub check_ip6address { return $_[0] =~ /:/; }
 sub check_ipaddress_any { return &check_ipaddress($_[0]) || &check_ip6address($_[0]); }
@@ -83,6 +92,29 @@ return -1;
 }
 
 unshift(@INC, "$root/net", $root);
+do "$root/net/net-detect.pl" || die "net-detect.pl: $@ $!";
+
+my $detect_root = tempdir(CLEANUP => 1);
+my $detect_netplan = "$detect_root/netplan";
+my $detect_no_netplan = "$detect_root/no-netplan";
+my $detect_nm = "$detect_root/NetworkManager/system-connections";
+my $detect_nm_empty = "$detect_root/NetworkManager-empty/system-connections";
+make_path($detect_netplan, $detect_nm, $detect_nm_empty);
+write_text("$detect_nm/eth0.nmconnection", "");
+
+is(main::net_auto_backend("debian-linux", $detect_netplan, $detect_nm_empty),
+   "netplan", "Debian uses Netplan when the config directory exists");
+is(main::net_auto_backend("debian-linux", $detect_no_netplan, $detect_nm),
+   "nm", "Debian uses NetworkManager when only nmconnection files exist");
+is(main::net_auto_backend("redhat-linux", $detect_no_netplan, $detect_nm),
+   "nm", "Red Hat still uses NetworkManager when nmconnection files exist");
+write_text("$detect_netplan/50-cloud-init.yaml", "");
+is(main::net_auto_backend("debian-linux", $detect_netplan, $detect_nm),
+   "netplan", "Debian prefers Netplan over NetworkManager when YAML exists");
+unlink("$detect_netplan/50-cloud-init.yaml");
+is(main::net_auto_backend("debian-linux", $detect_no_netplan, $detect_nm_empty),
+   undef, "Debian falls back when no Netplan or NetworkManager config exists");
+
 do "$root/net/netplan-lib.pl" || die "netplan-lib.pl: $@ $!";
 
 {
@@ -167,4 +199,37 @@ is_deeply(\@commands,
 	    "(cd / && /usr/sbin/netplan apply)" ],
 	  "apply_network validates before applying");
 
+do "$root/net/nm-lib.pl" || die "nm-lib.pl: $@ $!";
+my $nmfile = "$tmp/eth0.nmconnection";
+write_text($nmfile, <<'NM');
+[connection]
+id=eth0
+uuid=11111111-2222-3333-4444-555555555555
+type=ethernet
+interface-name=eth0
+
+[ipv4]
+method=auto
+
+[ipv6]
+method=disabled
+NM
+my $nmcfg = main::read_nm_config($nmfile);
+my $nmiface = {
+	'name' => 'eth0',
+	'fullname' => 'eth0',
+	'file' => $nmfile,
+	'cfg' => $nmcfg,
+	'edit' => 1,
+	'up' => 1,
+	'dhcp' => 1,
+	'address6' => [ ],
+	'netmask6' => [ ],
+	'nameserver' => [ "2001:4860:4860::8888" ],
+	};
+@commands = ( );
+main::save_interface($nmiface, [ $nmiface ]);
+like(join("\n", @commands), qr/ipv6\.dns/,
+     "NetworkManager save_interface writes IPv6 nameservers");
+
 done_testing();

phpini/phpini-lib.pl

@@ -468,6 +468,14 @@ elsif ($file =~ /\/(php-fpm)\.conf/) {
 		return $init;
 		}
 	}
+# Generic /etc/php.ini config shared by EL PHP-FPM packages
+elsif ($file eq "/etc/php.ini") {
+	my $init = "php-fpm";
+	my $st = &init::action_status($init);
+	if ($st) {
+		return $init;
+		}
+	}
 return undef;
 }
 

proc/proc-lib.pl

@@ -249,11 +249,11 @@ do {    local $oldexit = $?;
 	} while($xp > 0);
 }
 
-# pty_process_exec(command, [uid, gid], [force-binary-name])
+# pty_process_exec(command, [uid, gid], [force-binary-name], [skip-stty])
 # Starts the given command in a new pty and returns the pty filehandle and PID
 sub pty_process_exec
 {
-local ($cmd, $uid, $gid, $binary) = @_;
+local ($cmd, $uid, $gid, $binary, $skip_stty) = @_;
 if (&is_readonly_mode()) {
 	# When in readonly mode, don't run the command
 	$cmd = "/bin/true";
@@ -262,6 +262,13 @@ if (&is_readonly_mode()) {
 	if ($gconfig{'debug_what_cmd'});
 
 my ($ptyfh, $ttyfh, $pty, $tty, $TIOCSCTTY);
+my $set_pty_raw_noecho = sub {
+	my ($ttyfh) = @_;
+	eval "use IO::Stty";
+	if (!$@) {
+		IO::Stty::stty($ttyfh, 'raw', '-echo');
+		}
+	};
 
 eval "use IO::Pty";
 if (!$@) {
@@ -281,10 +288,7 @@ if (!$@) {
 		$ptyfh->make_slave_controlling_terminal();
 
 		# Turn off echoing, if we can
-		eval "use IO::Stty";
-		if (!$@) {
-			IO::Stty::stty($ttyfh, 'raw', '-echo');
-			}
+		$set_pty_raw_noecho->($ttyfh) if (!$skip_stty);
 
 		close(STDIN); close(STDOUT); close(STDERR);
 		untie(*STDIN); untie(*STDOUT); untie(*STDERR);
@@ -342,10 +346,7 @@ elsif (defined &linux_openpty &&
 			};
 
 		# Turn off echoing, if we can
-		eval "use IO::Stty";
-		if (!$@) {
-			IO::Stty::stty($ttyfh, 'raw', '-echo');
-			}
+		$set_pty_raw_noecho->($ttyfh) if (!$skip_stty);
 
 		close(STDIN); close(STDOUT); close(STDERR);
 		untie(*STDIN); untie(*STDOUT); untie(*STDERR);
@@ -397,10 +398,7 @@ else {
 			}
 
 		# Turn off echoing, if we can
-		eval "use IO::Stty";
-		if (!$@) {
-			IO::Stty::stty($ttyfh, 'raw', '-echo');
-			}
+		$set_pty_raw_noecho->($ttyfh) if (!$skip_stty);
 
 		if (defined(&open_controlling_pty)) {
 			&open_controlling_pty($ptyfh, $ttyfh, $pty, $tty);

setup.pl

@@ -494,7 +494,7 @@ else {
 		$cert = &tempname();
 		$key = &tempname();
 		$addtextsup = &get_openssl_version() >= 1.1 ? "-addext subjectAltName=DNS:$host,DNS:localhost -addext extendedKeyUsage=serverAuth" : "";
-		open(SSL, "| openssl req -newkey rsa:2048 -x509 -nodes -out $cert -keyout $key -days 1825 -sha256 -subj '/CN=$host/C=US/L=Santa Clara' $addtextsup >/dev/null 2>&1");
+		open(SSL, "| openssl req -newkey rsa:4096 -x509 -nodes -out $cert -keyout $key -days 1825 -sha256 -subj '/CN=$host/C=US/L=Santa Clara' $addtextsup >/dev/null 2>&1");
 		print SSL ".\n";
 		print SSL ".\n";
 		print SSL ".\n";

setup.sh

@@ -607,7 +607,7 @@ else
 			addtextsup=""
 		fi
 		# We can generate a new SSL key for this host
-		openssl req -newkey rsa:2048 -x509 -nodes -out $tempdir/cert -keyout $tempdir/key -days 1825 -sha256 -subj "/CN=$host/C=US/L=Santa Clara" $addtextsup >/dev/null 2>&1 <<EOF
+		openssl req -newkey rsa:4096 -x509 -nodes -out $tempdir/cert -keyout $tempdir/key -days 1825 -sha256 -subj "/CN=$host/C=US/L=Santa Clara" $addtextsup >/dev/null 2>&1 <<EOF
 .
 .
 .

sshd/sshd-lib.pl

@@ -505,7 +505,7 @@ if ($version{'type'} eq 'openssh' && $version{'number'} >= 6.5) {
 	return "ed25519";
 	}
 if ($version{'type'} eq 'openssh' && $version{'number'} >= 3.2) {
-	return "rsa1";
+	return "rsa";
 	}
 return undef;
 }

sshd/useradmin_update.pl

@@ -11,12 +11,13 @@ if ($config{'sync_create'} && &has_command($config{'keygen_path'}) &&
 	local $cmd;
 	local $type = $config{'sync_type'} || &get_preferred_key_type();
 	local $tflag = $type ? "-t $type" : "";
+	local $bflag = $type eq "rsa" ? "-b 4096" : "";
 	if ($config{'sync_pass'} && $uinfo->{'passmode'} == 3) {
-		$cmd = "$config{'keygen_path'} $tflag -P ".
+		$cmd = "$config{'keygen_path'} $tflag $bflag -P ".
 		       quotemeta($uinfo->{'plainpass'});
 		}
 	else {
-		$cmd = "$config{'keygen_path'} $tflag -P \"\"";
+		$cmd = "$config{'keygen_path'} $tflag $bflag -P \"\"";
 		}
 	&system_logged("echo '' | ".&command_as_user($uinfo->{'user'}, 0, $cmd).
 		       " >/dev/null 2>&1");

status/status-lib.pl

@@ -493,7 +493,10 @@ return ( { 'id' => 'tmobile',
            'domain' => 't.vodafone.ne.jp' },
          { 'id' => 'bellcanada',
            'desc' => 'Bell Canada',
-           'domain' => 'txt.bellmobility.ca' },
+           'domain' => 'txt.bell.ca' },
+         { 'id' => 'luckymobile',
+           'desc' => 'Lucky Mobile',
+           'domain' => 'txt.bell.ca' },
          { 'id' => 'bellsouth',
            'desc' => 'Bell South',
            'domain' => 'sms.bellsouth.com' },

ui-lib.pl

@@ -1,6 +1,7 @@
 use vars qw($theme_no_table $ui_radio_selector_donejs $module_name
 	    $ui_multi_select_donejs, $ui_formcount,
-	    $ui_form_end_side_by_side_donecss);
+	    $ui_form_end_side_by_side_donecss,
+	    $ui_form_grouped_buttons_donecss);
 
 =head1 ui-lib.pl
 
@@ -817,6 +818,48 @@ $rv .= &_ui_form_end_nojs($nojs);
 return $rv;
 }
 
+=head2 ui_form_grouped_buttons(&groups, [width])
+
+Returns HTML for a responsive row of submit buttons, without closing the form.
+Each button uses the same array format as C<ui_form_end>.
+
+Pass an array of button groups. A group can be a normal button list, or a list
+of button lists when you want a visible gap between sets of buttons. Groups are
+spread across the row when there is room, and wrap on narrow screens. Buttons
+inside the same list stay visually joined.
+
+Example :
+
+  my @save_buttons = ([ undef, $text{'save'} ]);
+  my @control_buttons = ([ 'start', $text{'start'} ],
+                         [ 'stop', $text{'stop'} ]);
+  my @delete_buttons = ([ 'delete', $text{'delete'} ]);
+
+  print &ui_form_grouped_buttons([
+    [ \@save_buttons, \@control_buttons ],
+    \@delete_buttons,
+    ]);
+
+=cut
+sub ui_form_grouped_buttons
+{
+return &theme_ui_form_grouped_buttons(@_) if (defined(&theme_ui_form_grouped_buttons));
+my ($groups, $width) = @_;
+$groups ||= [ ];
+my @groups = grep { $_ && ref($_) eq 'ARRAY' && @$_ } @$groups;
+return "" if (!@groups);
+
+my %attrs = ( 'class' => 'ui_form_grouped_buttons' );
+$attrs{'style'} = "width:$width" if ($width);
+my $rv = &_ui_form_grouped_buttons_css();
+$rv .= &ui_tag_start('div', \%attrs);
+foreach my $group (@groups) {
+	$rv .= &_ui_form_grouped_buttons_group($group);
+	}
+$rv .= &ui_tag_end('div');
+return $rv;
+}
+
 sub _ui_form_end_buttons_table
 {
 my ($buttons, $width, $formid, $class) = @_;
@@ -850,6 +893,54 @@ $rv .= "</tr></table>\n";
 return $rv;
 }
 
+sub _ui_form_grouped_buttons_group
+{
+my ($group) = @_;
+my @clusters = &_ui_form_grouped_buttons_clusters($group);
+return "" if (!@clusters);
+my $rv = &ui_tag_start('div', { 'class' => 'ui_form_grouped_group' });
+foreach my $cluster (@clusters) {
+	$rv .= &_ui_form_grouped_buttons_cluster($cluster);
+	}
+$rv .= &ui_tag_end('div');
+return $rv;
+}
+
+sub _ui_form_grouped_buttons_clusters
+{
+my ($group) = @_;
+return ( ) if (!$group || ref($group) ne 'ARRAY' || !@$group);
+foreach my $item (@$group) {
+	next if (!defined($item));
+	return ref($item) eq 'ARRAY' &&
+	       (!@$item || ref($item->[0]) eq 'ARRAY') ?
+		grep { $_ && ref($_) eq 'ARRAY' && @$_ } @$group :
+		( $group );
+	}
+return ( );
+}
+
+sub _ui_form_grouped_buttons_cluster
+{
+my ($buttons) = @_;
+return "" if (!$buttons || !@$buttons);
+my $rv = &ui_tag_start('span', { 'class' => 'ui_form_grouped_cluster' });
+foreach my $b (@$buttons) {
+	next if (!defined($b));
+	if (ref($b)) {
+		my $submit = &ui_submit($b->[1], $b->[0], $b->[3], $b->[4]);
+		chomp($submit);
+		$rv .= $submit;
+		$rv .= $b->[2] ? " ".$b->[2] : "";
+		}
+	elsif ($b) {
+		$rv .= $b;
+		}
+	}
+$rv .= &ui_tag_end('span');
+return $rv;
+}
+
 sub _ui_form_end_side_by_side_css
 {
 return "" if ($ui_form_end_side_by_side_donecss++);
@@ -876,6 +967,41 @@ return <<'EOF';
 EOF
 }
 
+sub _ui_form_grouped_buttons_css
+{
+return "" if ($ui_form_grouped_buttons_donecss++);
+my $css = <<'EOF';
+.ui_form_grouped_buttons {
+	display: flex;
+	flex-wrap: wrap;
+	gap: 0.5em 0.45em;
+	align-items: flex-start;
+	justify-content: space-between;
+	width: 100%;
+}
+.ui_form_grouped_group {
+	display: flex;
+	flex-wrap: wrap;
+	flex: 0 0 auto;
+	align-items: center;
+	width: max-content;
+	max-width: 100%;
+	margin: 0 -0.45em -0.45em 0;
+}
+.ui_form_grouped_cluster {
+	display: flex;
+	flex-wrap: wrap;
+	align-items: center;
+	max-width: 100%;
+	margin: 0 0.45em 0 0;
+}
+.ui_form_grouped_cluster .ui_submit {
+	margin: 0 0 0.45em 0;
+}
+EOF
+return &ui_tag('style', $css, { 'type' => 'text/css' });
+}
+
 sub _ui_form_end_nojs
 {
 my ($nojs) = @_;
@@ -2719,16 +2845,17 @@ Returns HTML for a text string, with its color determined by $type.
 sub ui_text_color
 {
 my ($text, $type) = @_;
-my ($color);
+my ($color, $class_type);
 
 if (defined (&theme_ui_text_color)) {
     return &theme_ui_text_color(@_);
     }
-if ($type eq "success") { $color = "#3c763d"; }
-elsif ($type eq "info") { $color = "#31708f"; }
-elsif ($type eq "warn") { $color = "#8a6d3b"; }
-elsif ($type eq "danger") { $color = "#a94442"; }
-return "<span class=\"ui_text_color text_type_$type\" style=\"color: $color\">$text</span>";
+$class_type = $type eq "warn" ? "warning" : $type;
+if ($type eq "success") { $color = "var(--text-color-success, #3c763d)"; }
+elsif ($type eq "info") { $color = "var(--text-color-info, #31708f)"; }
+elsif ($type eq "warn") { $color = "var(--text-color-warning, #8a6d3b)"; }
+elsif ($type eq "danger") { $color = "var(--text-color-danger, #a94442)"; }
+return "<span class=\"ui_text_color text_type_$type text-$class_type\" style=\"color: $color\">$text</span>";
 }
 
 =head2 ui_alert_box(msg, type)
@@ -3934,4 +4061,3 @@ return $rv;
 }
 
 1;
-

usermin/change_ssl.cgi

@@ -47,7 +47,7 @@ elsif ($in{'cipher_list_def'} == 3) {
 		# Generate file needed for PFS
 		my $out = &backquote_command(
 			"openssl dhparam -out ".
-			quotemeta($miniserv{'dhparams_file'})." 2048 2>&1");
+			quotemeta($miniserv{'dhparams_file'})." 4096 2>&1");
 		if ($?) {
 			&error(&text('ssl_edhparams',
 				     "<pre>".&html_escape($out)."</pre>"));

usermin/usermin-lib.pl

@@ -41,7 +41,7 @@ $latest_page_url = "$http_proto://$update_host/index6.html";
 $latest_rpm = "$http_proto://$update_host/download/usermin-latest.noarch.rpm";
 $latest_tgz = "$http_proto://$update_host/download/usermin-latest.tar.gz";
 
-$default_key_size = 2048;
+$default_key_size = 4096;
 
 $cron_cmd = "$module_config_directory/update.pl";
 

webmin/change_ssl.cgi

@@ -47,7 +47,7 @@ elsif ($in{'cipher_list_def'} == 3) {
 		# Generate file needed for PFS
 		my $out = &backquote_command(
 			"openssl dhparam -out ".
-			quotemeta($miniserv{'dhparams_file'})." 2048 2>&1");
+			quotemeta($miniserv{'dhparams_file'})." 4096 2>&1");
 		if ($?) {
 			&error(&text('ssl_edhparams',
 				     "<pre>".&html_escape($out)."</pre>"));

webmin/letsencrypt-lib.pl

@@ -269,7 +269,7 @@ if ($letsencrypt_cmd) {
 			}
 		}
 	$dir =~ s/\/[^\/]+$//;
-	$size ||= 2048;
+	$size ||= 4096;
 	my $out;
 	my $common_flags = " --duplicate".
 			   " --force-renewal".

webmin/webmin-lib.pl

@@ -64,7 +64,7 @@ our $third_port = $primary_port;
 our $third_page = "/cgi-bin/third.cgi";
 our $third_ssl = $primary_ssl;
 
-our $default_key_size = "2048";
+our $default_key_size = "4096";
 
 our $webmin_yum_repo_file = "/etc/yum.repos.d/webmin.repo";
 our $webmin_yum_repo_url = "https://download.webmin.com/download/newkey/yum";

xterm/shellserver.pl

@@ -86,7 +86,8 @@ if ($config{'rcfile'} ne '0') {
 		$shelllogin = undef;
 		}
 	}
-my ($shellfh, $pid) = proc::pty_process_exec($shellexec, $uid, $gid, $shelllogin);
+my ($shellfh, $pid) = proc::pty_process_exec(
+	$shellexec, $uid, $gid, $shelllogin, 1);
 reset_environment();
 my $shcmd = "'$shellexec".($shelllogin ? " $shelllogin" : "")."'";
 if (!$pid) {