- When the system hostname domain changes, update `localhost.<old-domain>` in Postfix `mydestination` to `localhost.<new-domain>`.
- This sits alongside the existing hostname/FQDN updates for Postfix destinations.
Previous behavior:
`save_dns.cgi` only updated Postfix `mydestination` entries that exactly matched:
- the old short hostname, like `host`
- the old FQDN, like `host.old-domain.test`
It did **not** update:
- `localhost.old-domain.test`
So if you changed:
```text
host.old-domain.test
```
to:
```text
host.new-domain.test
```
Postfix could become:
```text
mydestination = host.new-domain.test, host, localhost.old-domain.test
```
After this hunk, it also updates that localhost domain entry:
```text
localhost.old-domain.test
```
to:
```text
localhost.new-domain.test
```
- Preserve existing spacing and inline comments when rewriting `/etc/nsswitch.conf` `hosts:` lines.
- Preserve indentation, comment prefix, inline comments, and field separators when rewriting `/etc/hosts` rows.
- Add tests for the `nsswitch.conf` spacing/comment behavior.
ⓘ Treat Linux active virtual interfaces as secondary IP addresses instead of independent links, fixing alias parsing, hiding invalid status controls, rejecting down-state creation, and removing existing aliases with ip addr del when needed.
Reproduce path:
Example repro before this fix:
1. Go to **Network Configuration → Network Interfaces → Active Now**.
2. Click **Add a new interface**.
3. Enter:
```text
Name: enp0s5:1
IPv4 address: 10.211.55.21
Netmask: 255.255.255.0
Status: Down
```
4. Click **Create**.
Before the fix, Webmin could still create the alias or handle it inconsistently, because `enp0s5:1` is not a real link that can be “down”. It is just an extra IP address on `enp0s5`.
Expected after the fix:
- The UI should not offer `Status` for active virtual aliases.
- If someone submits `up=0` manually anyway, Webmin rejects it with:
`Virtual interfaces cannot be created with down status`
- If an existing active virtual alias is saved as down through lower-level code, Webmin removes the IP using something like:
```bash
ip addr del 10.211.55.21/24 dev enp0s5
```
This PR fixes Webmin IP access control handling for IPv6 CIDR prefixes that are not divisible by 8, such as `/29` as mentioned in this https://github.com/webmin/webmin/issues/1570 ticket.
Before Webmin validation rejected non-byte-aligned IPv6 network sizes, and the runtime matcher compared IPv6 networks only by whole bytes. This meant valid IPv6 CIDR prefixes could not be used safely in access control rules.
Changes:
- Allow IPv6 access-control prefixes from `/0` through `/128`, without requiring divisibility by 8.
- Add bit-accurate IPv6 prefix matching for ACL checks.
- Apply the same matching behavior in both `miniserv.pl` and `webmin/webmin-lib.pl`.
- Fix IPv6 canonicalization for `::` and trailing `::` forms used by the matcher.
- Add regression tests for `/0`, `/29`, `/32`, `/63`, `/64`, `/127`, and `/128`.
ⓘ The Postfix module’s “Virtual Domains” page actually manages `virtual_alias_maps`, not `virtual_mailbox_domains`.
This updates the UI labels, help text, ACL wording, and log message to call the feature "Virtual Alias Maps", reducing confusion without changing behavior.
https://github.com/webmin/webmin/issues/1541
ⓘ Adds hidden `tempdirname` support and normalizes custom temp paths so Webmin always uses a private final directory like `.webmin`, while keeping the existing permission checks.
setup_ssl_contexts() registers CTX_set_tlsext_servername_callback only
on the default (*) context. Per-IP contexts from ipcert entries do not
get the callback. When a client connects to a dedicated IP, the per-IP
context is used directly, the SNI callback never fires, and the wrong
certificate is served regardless of the requested hostname.
Fix: register the same SNI callback on every context in %ssl_contexts.
The callback function is unchanged. Clients without SNI still receive
the per-IP certificate. Clients with SNI get the correct certificate
matched by hostname.
Related: https://github.com/virtualmin/virtualmin-gpl/pull/1229
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ⓘ Support IPv4/IPv6 identifiers in Webmin Let’s Encrypt requests, add days/months renewal scheduling, and enforce safe automatic renewal defaults for short-lived IP certificates.
a56748a3fc (r188893457)
ⓘ Move "custom" and "postgresql" into the core Webmin package and add Debian/RPM package metadata so upgrades retire the old standalone module packages cleanly.
