New version bump

https://www.virtualmin.com/node/69464

It would better to factor this functionality out in a separate sub

README.md

@@ -29,7 +29,7 @@ Webmin can be installed in two different ways:
  1. By downloading a pre-built package, available for different distributions (CentOS, Fedora, SuSE, Mandriva, Debian, Ubuntu, Solaris and [other](http://www.webmin.com/support.html)) from our [download page](http://webmin.com/download.html);
   <kbd>Note: It is highly recommended to [add repository](https://doxfer.webmin.com/Webmin/Installation) to your system for having automatic updates.</kbd>
 
- 2. By downloading, extracting [source file](https://prdownloads.sourceforge.net/webadmin/webmin-1.951.tar.gz), and running [_setup.sh_](http://www.webmin.com/tgz.html) script, with no arguments, which will setup to run it directly from this directory, or with a command-line argument, such as targeted directory.
+ 2. By downloading, extracting [source file](https://prdownloads.sourceforge.net/webadmin/webmin-1.954.tar.gz), and running [_setup.sh_](http://www.webmin.com/tgz.html) script, with no arguments, which will setup to run it directly from this directory, or with a command-line argument, such as targeted directory.
   <kbd>Note: If you are installing Webmin [on Windows](http://www.webmin.com/windows.html) system, you must run the command `perl setup.pl` instead. The Windows version depends on several programs, and modules that may not be part of the standard distribution. You will need _process.exe_ commmand, _sc.exe_ command, and _Win32::Daemon_ Perl module.</kbd>
 
 ## Documentation

acl/backup_config.pl

@@ -1,7 +1,7 @@
 
 use strict;
 use warnings;
-do 'acl-lib.pl';
+require 'acl-lib.pl';
 our ($config_directory, %gconfig);
 
 # backup_config_files()

adsl-client/backup_config.pl

@@ -1,5 +1,5 @@
 
-do 'adsl-client-lib.pl';
+require 'adsl-client-lib.pl';
 
 # backup_config_files()
 # Returns files and directories that can be backed up

apache/apache-lib.pl

@@ -1057,8 +1057,9 @@ foreach $f (@{$_[0]}) {
 	push(@fl, $f) if (&indexof($f, @fl) < 0);
 	}
 foreach $f (&unique(@fl)) {
-    $rv .= &ui_checkbox($_[1], $f, $f, (&indexof($f, @{$_[0]}) < 0 ? 0 : 1 ) ); 
+	$rv .= &ui_checkbox($_[1], $f, $f, (&indexof($f, @{$_[0]}) < 0 ? 0 : 1 ) ); 
 	}
+$rv ||= &ui_textbox($_[1], "", 20);
 return $rv;
 }
 

apache/backup_config.pl

@@ -1,5 +1,5 @@
 
-do 'apache-lib.pl';
+require 'apache-lib.pl';
 
 # backup_config_files()
 # Returns files and directories that can be backed up

apache/core.pl

@@ -837,8 +837,8 @@ return &parse_opt("ForceType", '^\S+\/\S+$', $text{'mod_mime_etype'});
 sub edit_SetOutputFilter
 {
 local @vals = split(/[\s;]+/, $_[0]->{'value'});
-return (2, $text{'core_outfilter'},
-	&filters_input(\@vals, "SetOutputFilter"));
+my $fi = &filters_input(\@vals, "SetOutputFilter");
+return (2, $text{'core_outfilter'}, $fi);
 }
 sub save_SetOutputFilter
 {
@@ -848,8 +848,8 @@ return &parse_filters("SetOutputFilter");
 sub edit_SetInputFilter
 {
 local @vals = split(/[\s;]+/, $_[0]->{'value'});
-return (2, $text{'core_infilter'},
-	&filters_input(\@vals, "SetInputFilter"));
+my $fi = &filters_input(\@vals, "SetInputFilter");
+return (2, $text{'core_infilter'}, $fi);
 }
 sub save_SetInputFilter
 {

at/backup_config.pl

@@ -9,12 +9,14 @@ do 'at-lib.pl';
 sub backup_config_files
 {
 my @rv;
-opendir(my $DIR, $config{'at_dir'});
-while(my $f = readdir($DIR)) {
-	next if ($f eq "." || $f eq ".." || $f eq ".SEQ");
-	if (!-d "$config{'at_dir'}/$f") {
-		push(@rv, "$config{'at_dir'}/$f");
+if (opendir(my $DIR, $config{'at_dir'})) {
+	while(my $f = readdir($DIR)) {
+		next if ($f eq "." || $f eq ".." || $f eq ".SEQ");
+		if (!-d "$config{'at_dir'}/$f") {
+			push(@rv, "$config{'at_dir'}/$f");
+			}
 		}
+	closedir($DIR);
 	}
 return @rv;
 }

bind8/bind8-lib.pl

@@ -67,12 +67,12 @@ our @dnssec_dlv_key = ( 257, 3, 5, '"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWE
 
 my $rand_flag;
 if ($gconfig{'os_type'} =~ /-linux$/ && 
-	-r "/dev/urandom" &&
-	!$config{'force_random'} &&
-
+    -r "/dev/urandom" &&
+    !$config{'force_random'} &&
+    $bind_version &&
+    &compare_version_numbers($bind_version, '9.14') < 0) {
 	# Version: 9.14.2 deprecated the use of -r option 
 	# in favor of using /dev/random [bugs:#5370]
-	$bind_version < '9.14') {
 	$rand_flag = "-r /dev/urandom";
 	}
 

cron/backup_config.pl

@@ -1,5 +1,5 @@
 
-do 'cron-lib.pl';
+require 'cron-lib.pl';
 
 # backup_config_files()
 # Returns files and directories that can be backed up

custom/custom-lib.pl

@@ -308,7 +308,9 @@ if ($file !~ /^\// && $file !~ /\|\s*$/) {
 		$file = "$uinfo[7]/$file";
 		}
 	}
-open(FILE, "<".$file);
+my $h;
+$h = "<" if ($file =~ /^\// && $file !~ /\|\s*$/);
+open(FILE, "$h".$file);
 while(<FILE>) {
 	s/\r|\n//g;
 	next if (/^#/);

dovecot/dovecot-lib.pl

@@ -295,6 +295,8 @@ my $i = 1;
 foreach my $m (@{$section->{'members'}}) {
 	$m->{'line'} = $m->{'eline'} = $section->{'line'} + $i++;
 	$m->{'file'} = $section->{'file'};
+	$m->{'sectionname'} = $section->{'name'};
+	$m->{'sectionvalue'} = $section->{'value'};
 	}
 }
 

firewall/firewall-lib.pl

@@ -60,13 +60,13 @@ local $lnum = 0;
 local $direct = "ip${ipvx}tables-save 2>/dev/null |";
 if (!$file) {
 	# Use default file
-	$file = $config{"direct${ipvx}"} ? $direct : $ipvx_save;
+	$file = $config{"direct${ipvx}"} ? $direct : "<".$ipvx_save;
 	}
 elsif ($file eq "direct") {
 	# Read active rules
 	$file = $direct;
 	}
-open(FILE, "<".$file);
+open(FILE, $file);
 local $cmt;
 LINE:
 while(<FILE>) {

init/reboot.cgi

@@ -5,6 +5,13 @@
 require './init-lib.pl';
 &ReadParse();
 $access{'reboot'} || &error($text{'reboot_ecannot'});
+if ($in{'removenotify'}) {
+	foreign_require("webmin");
+	write_file_contents($webmin::postpone_reboot_required);
+	&redirect(get_referer_relative());
+	exit;
+}
+
 &ui_print_header(undef, $text{'reboot_title'}, "");
 
 $ttcmd = "<tt>".&html_escape($config{'reboot_command'})."</tt>";

iscsi-server/backup_config.pl

@@ -1,5 +1,5 @@
 
-do 'iscsi-server-lib.pl';
+require 'iscsi-server-lib.pl';
 
 # backup_config_files()
 # Returns files and directories that can be backed up

iscsi-server/install_check.pl

@@ -1,6 +1,6 @@
 # install_check.pl
 
-do 'iscsi-server-lib.pl';
+require 'iscsi-server-lib.pl';
 
 # is_installed(mode)
 # For mode 1, returns 2 if the server is installed and configured for use by

iscsi-server/log_parser.pl

@@ -1,7 +1,7 @@
 # log_parser.pl
 # Functions for parsing this module's logs
 
-do 'iscsi-server-lib.pl';
+require 'iscsi-server-lib.pl';
 
 # parse_webmin_log(user, script, action, type, object, &params)
 # Converts logged information from this module into human-readable form

mailboxes/config_info.pl

@@ -4,13 +4,10 @@ sub show_userIgnoreList
 {
   my($ig_usr) = shift(@_) || '';
   $ig_usr =~ s/\t/\n/g;
-  my($preta)  = '<TEXTAREA NAME="ignore_users" COLS="35" ROWS="4">';
-  my($postta) = '</TEXTAREA>';
+  my($preta)  = "<input name=\"ignore_users\" value=\"$ig_usr\" size=\"50\">";
 
   return
       $preta .
-      $ig_usr .
-      $postta .
       '&nbsp;' .
       &user_chooser_button("ignore_users", 1);
 }

makedebian.pl

@@ -256,6 +256,25 @@ system("chmod 755 $preinstall_file");
 open(SCRIPT, ">$postinstall_file");
 print SCRIPT <<EOF;
 #!/bin/sh
+
+# Fix old versions of Webmin that might kill the UI process on upgrade
+cat >/etc/webmin/stop 2>/dev/null <<'EOD'
+#!/bin/sh
+echo Stopping Webmin server in /usr/libexec/webmin
+pidfile=`grep "^pidfile=" /etc/webmin/miniserv.conf | sed -e 's/pidfile=//g'`
+pid=`cat \$pidfile`
+if [ "\$pid" != "" ]; then
+  kill \$pid || exit 1
+  if [ "\$1" = "--kill" ]; then
+    sleep 1
+    (kill -9 -- -\$pid || kill -9 \$pid) 2>/dev/null
+  fi
+  exit 0
+else
+  exit 1
+fi
+EOD
+
 inetd=`grep "^inetd=" /etc/$baseproduct/miniserv.conf 2>/dev/null | sed -e 's/inetd=//g'`
 if [ "\$1" = "upgrade" -a "\$1" != "abort-upgrade" ]; then
 	# Upgrading the package, so stop the old webmin properly

makedist.pl

@@ -52,34 +52,14 @@ if ($min) {
 	}
 else {
 	# All the modules
-	@mlist =
-	  ("cron", "dfsadmin", "exports", "inetd", "init",
-	  "mount", "samba", "useradmin", "fdisk", "format", "proc", "webmin",
-	  "quota", "software", "pap", "acl", "apache", "lpadmin", "bind8",
-	  "sendmail", "squid", "bsdexports", "hpuxexports",
-	  "net", "dhcpd", "custom", "telnet", "servers",
-	  "time", "wuftpd", "syslog", "mysql", "man",
-	  "inittab", "raid", "postfix", "webminlog", "postgresql", "xinetd",
-	  "status", "cpan", "pam", "nis", "shell", "grub",
-	  "fetchmail", "passwd", "at", "proftpd", "sshd",
-	  "heartbeat", "cluster-software", "cluster-useradmin", "qmailadmin",
-	  "mon", "jabber", "stunnel", "usermin",
-	  "fsdump", "lvm", "procmail",
-	  "cluster-webmin", "firewall", "sgiexports", "vgetty", "openslp",
-	  "webalizer", "shorewall", "adsl-client", "updown", "ppp-client",
-	  "pptp-server", "pptp-client", "ipsec", "ldap-useradmin",
-	  "change-user", "cluster-shell", "cluster-cron", "spam",
-	  "htaccess-htpasswd", "logrotate", "cluster-passwd", "mailboxes",
-	  "ipfw", "sarg", "bandwidth", "cluster-copy", "backup-config",
-	  "smart-status", "idmapd", "krb5", "smf", "ipfilter", "rbac",
-	  "tunnel", "zones", "cluster-usermin", "dovecot", "syslog-ng",
-	  "mailcap", "blue-theme", "ldap-client", "phpini", "filter",
-	  "bacula-backup", "ldap-server", "exim", "tcpwrappers",
-	  "package-updates", "system-status", "webmincron", "ajaxterm",
-	  "shorewall6", "iscsi-server", "iscsi-client", "gray-theme",
-	  "iscsi-target", "iscsi-tgtd", "bsdfdisk", "fail2ban",
-	  "authentic-theme", "firewalld", "filemin", "firewall6",
-	  );
+	my $mod_def_list;
+	my $curr_dir = $0;
+	($curr_dir) = $curr_dir =~ /^(.+)\/[^\/]+$/;
+	$curr_dir = "." if ($curr_dir !~ /^\//);
+	open(my $fh, '<', "$curr_dir/mod_def_list.txt") || die "Error opening \"mod_def_list.txt\" : $!\n";
+	$mod_def_list = do { local $/; <$fh> };
+	close($fh);
+	@mlist = split(/\s+/, $mod_def_list);
 	}
 @dirlist = ( "WebminUI", "JSON" );
 

makemoduledeb.pl

@@ -231,9 +231,18 @@ if ($debdepends && exists($minfo{'depends'})) {
 
 		# If the module is part of Webmin, we don't need to depend on it
 		if ($dmod) {
-			my %dinfo;
-			read_file("$dmod/module.info", \%dinfo);
-			next if ($dinfo{'longdesc'});
+			my $mod_def_list;
+			my @mod_def_list;
+			my $curr_dir = $0;
+			($curr_dir) = $curr_dir =~ /^(.+)\/[^\/]+$/;
+			$curr_dir = "." if ($curr_dir !~ /^\//);
+			open(my $fh, '<', "$curr_dir/mod_def_list.txt") || die "Error opening \"mod_def_list.txt\" : $!\n";
+			$mod_def_list = do { local $/; <$fh> };
+			close($fh);
+			@mod_def_list = split(/\s+/, $mod_def_list);
+			if ( grep( /^$dmod$/, @mod_def_list ) ) {
+			  next;
+				}
 			}
 		push(@rdeps, $dwebmin ? ("$product (>= $dwebmin)") :
 			     $dver ? ("$prefix$dmod (>= $dver)") :

makemodulerpm.pl

@@ -246,9 +246,18 @@ if ($rpmdepends && defined($minfo{'depends'})) {
 
 		# If the module is part of Webmin, we don't need to depend on it
 		if ($dmod) {
-			my %dinfo;
-			&read_file("$dmod/module.info", \%dinfo);
-			next if ($dinfo{'longdesc'});
+			my $mod_def_list;
+			my @mod_def_list;
+			my $curr_dir = $0;
+			($curr_dir) = $curr_dir =~ /^(.+)\/[^\/]+$/;
+			$curr_dir = "." if ($curr_dir !~ /^\//);
+			open(my $fh, '<', "$curr_dir/mod_def_list.txt") || die "Error opening \"mod_def_list.txt\" : $!\n";
+			$mod_def_list = do { local $/; <$fh> };
+			close($fh);
+			@mod_def_list = split(/\s+/, $mod_def_list);
+			if ( grep( /^$dmod$/, @mod_def_list ) ) {
+			  next;
+				}
 			}
 		push(@rdeps, $dwebmin ? ("webmin", ">=", $dwebmin) :
 			     $dver ? ($prefix.$dmod, ">=", $dver) :

makerpm.pl

@@ -186,6 +186,25 @@ fi
 %post
 inetd=`grep "^inetd=" /etc/webmin/miniserv.conf 2>/dev/null | sed -e 's/inetd=//g'`
 startafter=0
+
+# Fix old versions of Webmin that might kill the UI process on upgrade
+cat >/etc/webmin/stop 2>/dev/null <<'EOD'
+#!/bin/sh
+echo Stopping Webmin server in /usr/libexec/webmin
+pidfile=`grep "^pidfile=" /etc/webmin/miniserv.conf | sed -e 's/pidfile=//g'`
+pid=`cat \$pidfile`
+if [ "\$pid" != "" ]; then
+  kill \$pid || exit 1
+  if [ "\$1" = "--kill" ]; then
+    sleep 1
+    (kill -9 -- -\$pid || kill -9 \$pid) 2>/dev/null
+  fi
+  exit 0
+else
+  exit 1
+fi
+EOD
+
 if [ "\$1" != 1 ]; then
 	# Upgrading the RPM, so stop the old webmin properly
 	if [ "\$inetd" != "1" ]; then

minecraft/edit_conf.cgi

@@ -24,7 +24,7 @@ print &ui_table_row($text{'conf_seed'},
 # Type for new worlds
 my $type = &find_value("level-type", $conf) || "DEFAULT";
 print &ui_table_row($text{'conf_type'},
-	&ui_select("type", $type,
+	&ui_select("type", uc($type),
 		[ [ "DEFAULT", $text{'conf_type_default'} ],
 		  [ "FLAT", $text{'conf_type_flat'} ],
 		  [ "AMPLIFIED", $text{'conf_type_amplified'} ],

minecraft/save_backup.cgi

@@ -16,6 +16,7 @@ if (!$in{'enabled'}) {
 		&webmincron::delete_webmin_cron($job);
 		}
 	&webmin_log("disable", "backup");
+	&redirect("");
 	}
 else {
 	# Validate inputs
@@ -45,6 +46,7 @@ else {
 	&save_module_config();
 	&unlock_file($module_config_file);
 	&webmincron::save_webmin_cron($job);
+	&webmin_log("enable", "backup", $in{'backup_dir'});
 
 	# Backup now if selected
 	if ($in{'now'}) {
@@ -64,7 +66,7 @@ else {
 
 		&ui_print_footer("", $text{'index_return'});
 		}
-
-	&webmin_log("enable", "backup", $in{'backup_dir'});
+	else {
+		&redirect("");
+		}
 	}
-&redirect("");

miniserv.pl

@@ -170,16 +170,11 @@ elsif (!$config{'no_pam'}) {
 			     "PAM initialization of Authen::PAM failed");
 			}
 		}
-	else {
-		push(@startup_msg,
-		     "Perl module Authen::PAM needed for PAM is ".
-		     "not installed : $@");
-		}
 	}
 if ($config{'pam_only'} && !$use_pam) {
 	foreach $msg (@startup_msg) {
-	     print STDERR $msg,"\n";
-	}
+		print STDERR $msg,"\n";
+		}
 	print STDERR "PAM use is mandatory, but could not be enabled!\n";
 	print STDERR "no_pam and pam_only both are set!\n" if ($config{no_pam});
 	exit(1);
@@ -424,6 +419,11 @@ if ($config{'debuglog'}) {
 # Pre-cache lang files
 &precache_files();
 
+# Clear any flag files to prevent restart loops
+unlink($config{'restartflag'}) if ($config{'restartflag'});
+unlink($config{'reloadflag'}) if ($config{'reloadflag'});
+unlink($config{'stopflag'}) if ($config{'stopflag'});
+
 if ($config{'inetd'}) {
 	# We are being run from inetd - go direct to handling the request
 	&redirect_stderr_to_log();
@@ -739,7 +739,7 @@ while(1) {
 	vec($rmask, fileno(LISTEN), 1) = 1 if ($config{'listen'});
 
 	# Wait for a connection
-	local $sel = select($rmask, undef, undef, 10);
+	local $sel = select($rmask, undef, undef, 2);
 
 	# Check the flag files
 	if ($config{'restartflag'} && -r $config{'restartflag'}) {
@@ -748,9 +748,15 @@ while(1) {
 		$need_restart = 1;
 		}
 	if ($config{'reloadflag'} && -r $config{'reloadflag'}) {
+		print STDERR "reload flag file detected\n";
 		unlink($config{'reloadflag'});
 		$need_reload = 1;
 		}
+	if ($config{'stopflag'} && -r $config{'stopflag'}) {
+		print STDERR "stop flag file detected\n";
+		unlink($config{'stopflag'});
+		$need_stop = 1;
+		}
 
 	if ($need_restart) {
 		# Got a HUP signal while in select() .. restart now
@@ -761,6 +767,10 @@ while(1) {
 		$need_reload = 0;
 		&reload_config_file();
 		}
+	if ($need_stop) {
+		# Stop flag file created
+		&term_handler();
+		}
 	local $time_now = time();
 
 	# Clean up finished processes
@@ -768,8 +778,7 @@ while(1) {
 	do {	$pid = waitpid(-1, WNOHANG);
 		@childpids = grep { $_ != $pid } @childpids;
 		} while($pid != 0 && $pid != -1);
-	@childpids = grep { !kill(0, $_) } @childpids;
-
+	@childpids = grep { kill(0, $_) } @childpids;
 
 	# run the unblocking procedure to check if enough time has passed to
 	# unblock hosts that heve been blocked because of password failures
@@ -860,6 +869,7 @@ while(1) {
 		if (vec($rmask, fileno($s), 1)) {
 			# got new connection
 			$acptaddr = accept(SOCK, $s);
+			print DEBUG "accept returned ",length($acptaddr),"\n";
 			if (!$acptaddr) { next; }
 			binmode(SOCK);
 
@@ -873,9 +883,11 @@ while(1) {
 			# Work out IP and port of client
 			local ($peerb, $peera, $peerp) =
 				&get_address_ip($acptaddr, $ipv6fhs{$s});
+			print DEBUG "peera=$peera peerp=$peerp\n";
 
 			# Work out the local IP
 			(undef, $locala) = &get_socket_ip(SOCK, $ipv6fhs{$s});
+			print DEBUG "locala=$locala\n";
 
 			# Check username of connecting user
 			$localauth_user = undef;
@@ -924,6 +936,7 @@ while(1) {
 			local $handpid;
 			if (!($handpid = fork())) {
 				# setup signal handlers
+				print DEBUG "in subprocess\n";
 				$SIG{'TERM'} = 'DEFAULT';
 				$SIG{'PIPE'} = 'DEFAULT';
 				#$SIG{'CHLD'} = 'IGNORE';
@@ -945,6 +958,7 @@ while(1) {
 				if ($use_ssl) {
 					$ssl_con = &ssl_connection_for_ip(
 							SOCK, $ipv6fhs{$s});
+					print DEBUG "ssl_con returned $ssl_con\n";
 					$ssl_con || exit;
 					}
 
@@ -1361,12 +1375,11 @@ elsif ($reqline !~ /^(\S+)\s+(.*)\s+HTTP\/1\..$/) {
 			&http_error(200, "Document follows",
 				"This web server is running in SSL mode. ".
 				"Try the URL <a href='$url'>$url</a> ".
-				"instead.<br>");
+				"instead.", 0, 1);
 		} else {
 			# Throw an error
 			&http_error(404, "Page not found",
-				"The requested URL was not found on this server ".
-				"try <a href='/'>visiting the home page</a> of this site to see what you can find <br>");
+			    "The requested URL was not found on this server.")
 		}
 	} elsif (ord(substr($reqline, 0, 1)) == 128 && !$use_ssl) {
 		# This could be an https request when it should be http ..
@@ -1417,12 +1430,10 @@ elsif ($reqline !~ /^(\S+)\s+(.*)\s+HTTP\/1\..$/) {
 				return 0;
 			} elsif ($config{'hide_admin_url'} != 1) {
 				# Tell user the correct URL
-				&http_error(200, "Bad Request", "This web server is not running in SSL mode. Try the URL <a href='$url'>$url</a> instead.<br>");
+				&http_error(200, "Bad Request", "This web server is not running in SSL mode. Try the URL <a href='$url'>$url</a> instead.", 0, 1);
 			} else {
 				&http_error(404, "Page not found",
-					"The requested URL was not found on this server ".
-					"try <a href='/'>visiting the home page</a> of this site to see what you can find <br>"
-					);
+				    "The requested URL was not found on this server.");
 			}
 EOF
 		if ($@) {
@@ -1522,6 +1533,11 @@ $portstr = $redirport == 80 && !$ssl ? "" :
 $redirhost = $config{'redirect_host'} || $host;
 $hostport = &check_ip6address($redirhost) ? "[".$redirhost."]".$portstr
 				          : $redirhost.$portstr;
+
+# If the redirect_prefix exists change redirect base to include the prefix #1271
+if ($config{'redirect_prefix'}) {
+	$hostport .= $config{'redirect_prefix'}
+	}
 $prot = $ssl ? "https" : "http";
 
 undef(%in);
@@ -2697,42 +2713,44 @@ else {
 return $rv;
 }
 
-# http_error(code, message, body, [dontexit])
+# http_error(code, message, body, [dontexit], [dontstderr])
+# Output an error message to the browser, and log it to the error log
 sub http_error
 {
+my ($code, $msg, $body, $noexit, $noerr) = @_;
 local $eh = $error_handler_recurse ? undef :
-	    $config{"error_handler_$_[0]"} ? $config{"error_handler_$_[0]"} :
+	    $config{"error_handler_".$code} ? $config{"error_handler_".$code} :
 	    $config{'error_handler'} ? $config{'error_handler'} : undef;
-print DEBUG "http_error code=$_[0] message=$_[1] body=$_[2]\n";
+print DEBUG "http_error code=$code message=$msg body=$body\n";
 if ($eh) {
 	# Call a CGI program for the error
 	$page = "/$eh";
-	$querystring = "code=$_[0]&message=".&urlize($_[1]).
-		       "&body=".&urlize($_[2]);
+	$querystring = "code=$_[0]&message=".&urlize($msg).
+		       "&body=".&urlize($body);
 	$error_handler_recurse++;
-	$ok_code = $_[0];
-	$ok_message = $_[1];
+	$ok_code = $code;
+	$ok_message = $msg;
 	goto rerun;
 	}
 else {
 	# Use the standard error message display
-	&write_data("HTTP/1.0 $_[0] $_[1]\r\n");
+	&write_data("HTTP/1.0 $code $msg\r\n");
 	&write_data("Server: $config{server}\r\n");
 	&write_data("Date: $datestr\r\n");
 	&write_data("Content-type: text/html; Charset=utf-8\r\n");
 	&write_keep_alive(0);
 	&write_data("\r\n");
 	&reset_byte_count();
-	&write_data("<h1>Error - $_[1]</h1>\n");
-	if ($_[2]) {
-		&write_data("<p>$_[2]</p>\n");
+	&write_data("<h1>Error - $msg</h1>\n");
+	if ($body) {
+		&write_data("<p>$body</p>\n");
 		}
 	}
-&log_request($loghost, $authuser, $reqline, $_[0], &byte_count())
+&log_request($loghost, $authuser, $reqline, $code, &byte_count())
 	if ($reqline);
-&log_error($_[1], $_[2] ? " : $_[2]" : "");
+&log_error($msg, $body ? " : $body" : "") if (!$noerr);
 shutdown(SOCK, 1);
-exit if (!$_[3]);
+exit if (!$noexit);
 }
 
 sub get_type
@@ -4508,7 +4526,6 @@ if ($config{'ssl_cipher_list'}) {
 	}
 Net::SSLeay::set_fd($ssl_con, fileno($sock));
 if (!Net::SSLeay::accept($ssl_con)) {
-	print STDERR "Failed to initialize SSL connection\n";
 	return undef;
 	}
 return $ssl_con;
@@ -4601,25 +4618,25 @@ foreach my $v (keys %vital) {
 		$config{$v} = $vital{$v};
 		}
 	}
+$config_file =~ /^(.*)\/[^\/]+$/;
+my $config_dir = $1;
+$config{'pidfile'} =~ /^(.*)\/[^\/]+$/;
+my $var_dir = $1;
 if (!$config{'sessiondb'}) {
-	$config{'pidfile'} =~ /^(.*)\/[^\/]+$/;
-	$config{'sessiondb'} = "$1/sessiondb";
+	$config{'sessiondb'} = "$var_dir/sessiondb";
 	}
 if (!$config{'errorlog'}) {
 	$config{'logfile'} =~ /^(.*)\/[^\/]+$/;
 	$config{'errorlog'} = "$1/miniserv.error";
 	}
 if (!$config{'tempbase'}) {
-	$config{'pidfile'} =~ /^(.*)\/[^\/]+$/;
-	$config{'tempbase'} = "$1/cgitemp";
+	$config{'tempbase'} = "$var_dir/cgitemp";
 	}
 if (!$config{'blockedfile'}) {
-	$config{'pidfile'} =~ /^(.*)\/[^\/]+$/;
-	$config{'blockedfile'} = "$1/blocked";
+	$config{'blockedfile'} = "$var_dir/blocked";
 	}
 if (!$config{'webmincron_dir'}) {
-	$config_file =~ /^(.*)\/[^\/]+$/;
-	$config{'webmincron_dir'} = "$1/webmincron/crons";
+	$config{'webmincron_dir'} = "$config_dir/webmincron/crons";
 	}
 if (!$config{'webmincron_last'}) {
 	$config{'logfile'} =~ /^(.*)\/[^\/]+$/;
@@ -4632,6 +4649,9 @@ if (!$config{'webmincron_wrapper'}) {
 if (!$config{'twofactor_wrapper'}) {
 	$config{'twofactor_wrapper'} = $config{'root'}."/acl/twofactor.pl";
 	}
+$config{'restartflag'} ||= $var_dir."/restart-flag";
+$config{'reloadflag'} ||= $var_dir."/reload-flag";
+$config{'stopflag'} ||= $var_dir."/stop-flag";
 }
 
 # read_users_file()

mod_def_list.txt

@@ -0,0 +1 @@
+cron dfsadmin exports inetd init mount samba useradmin fdisk format proc webmin quota software pap acl apache lpadmin bind8 sendmail squid bsdexports hpuxexports net dhcpd custom telnet servers time wuftpd syslog mysql man inittab raid postfix webminlog postgresql xinetd status cpan pam nis shell grub fetchmail passwd at proftpd sshd heartbeat cluster-software cluster-useradmin qmailadmin mon jabber stunnel usermin fsdump lvm procmail cluster-webmin firewall sgiexports vgetty openslp webalizer shorewall adsl-client updown ppp-client pptp-server pptp-client ipsec ldap-useradmin change-user cluster-shell cluster-cron spam htaccess-htpasswd logrotate cluster-passwd mailboxes ipfw sarg bandwidth cluster-copy backup-config smart-status idmapd krb5 smf ipfilter rbac tunnel zones cluster-usermin dovecot syslog-ng mailcap blue-theme ldap-client phpini filter bacula-backup ldap-server exim tcpwrappers package-updates system-status webmincron ajaxterm shorewall6 iscsi-server iscsi-client gray-theme iscsi-target iscsi-tgtd bsdfdisk fail2ban authentic-theme firewalld filemin firewall6

net/save_bifc.cgi

@@ -325,10 +325,21 @@ else {
 		}
 	else {
 		$b->{'fullname'} = $b->{'name'}.
-				( $b->{'virtual'} eq '' ? '' : ':'.$b->{'virtual'});
+			( $b->{'virtual'} eq '' ? '' : ':'.$b->{'virtual'});
 		}
 	&save_interface($b, \@boot);
 
+	# If switching from DHCP to static and there is no default gateway
+	# set, copy the active one
+	if ($oldb{'dhcp'} && !$b{'dhcp'} && $b{'virtual'} eq '' &&
+	    defined(&get_default_gateway) && defined(&list_routes)) {
+		my $oldgw = &get_default_gateway();
+		my ($dr) = grep { $_->{'dest'} eq '0.0.0.0' } &list_routes();
+		if (!$oldgw && $dr) {
+			&set_default_gateway($dr->{'gateway'}, $b{'name'});
+			}
+		}
+
 	if ($in{'activate'}) {
 		# Make this interface active (if possible)
 		&error_setup($text{'bifc_err3'});

postfix/postfix-lib.pl

@@ -16,11 +16,13 @@ $config{'perpage'} ||= 20;      # a value of 0 can cause problems
 
 # Get the saved version number
 $version_file = "$module_config_directory/version";
+$postfix_config_command = $config{'postfix_config_command'};
+$has_postfix_config_command = &has_command($postfix_config_command);
 if (&open_readfile(VERSION, $version_file)) {
 	chop($postfix_version = <VERSION>);
 	close(VERSION);
 	my @vst = stat($version_file);
-	my @cst = stat(&has_command($config{'postfix_config_command'}));
+	my @cst = stat($postfix_config_command);
 	if (@cst && $cst[9] > $vst[9]) {
 		# Postfix was probably upgraded
 		$postfix_version = undef;
@@ -29,8 +31,8 @@ if (&open_readfile(VERSION, $version_file)) {
 
 if (!$postfix_version) {
 	# Not there .. work it out
-	if (&has_command($config{'postfix_config_command'}) &&
-	    &backquote_command("$config{'postfix_config_command'} -d mail_version 2>&1", 1) =~ /mail_version\s*=\s*(.*)/) {
+	if ($has_postfix_config_command &&
+	    &backquote_command("$postfix_config_command -d mail_version 2>&1", 1) =~ /mail_version\s*=\s*(.*)/) {
 		# Got the version
 		$postfix_version = $1;
 		}

postgresql/postgresql-lib.pl

@@ -1218,7 +1218,7 @@ if (&supports_pgpass()) {
 		&make_dir($temphome, 0755);
 		$pgpass = "$temphome/.pgpass";
 		push(@main::temporary_files, $pgpass);
-		$ENV{'HOME'} = $temphome;
+		$cmd = "HOME=$temphome $cmd";
 		}
 	$ENV{'PGPASSFILE'} = $pgpass;
 	open(PGPASS, ">$pgpass");

proc/edit_proc.cgi

@@ -76,7 +76,7 @@ print &ui_form_end();
 
 # Extra OS-specific info
 foreach $k (keys %pinfo) {
-	if ($k =~ /^_/) {
+	if ($k =~ /^_/ && $info_arg_map{$k}) {
 		print &ui_table_row($info_arg_map{$k}, $pinfo{$k});
 		}
 	}

proc/linux-lib.pl

@@ -496,21 +496,30 @@ sub get_current_cpu_temps
 my @rv;
 if (&has_command("sensors")) {
         my $fh = "SENSORS";
+        my $a;
         &open_execute_command($fh, "sensors </dev/null 2>/dev/null", 1);
         while(<$fh>) {
                 if (/Core\s+(\d+):\s+([\+\-][0-9\.]+)/) {
                         push(@rv, { 'core' => $1,
                                     'temp' => $2 });
                         }
-                elsif (/temp(\d+):\s+([\+\-][0-9\.]+)/) {
-                        # Adjust to start from `0` as all other outputs
-                        push(@rv, { 'core' => (int($1) - 1),
-                                    'temp' => $2 });
-                        }
                 elsif (/CPU:\s+([\+\-][0-9\.]+)/) {
                         push(@rv, { 'core' => 0,
                                     'temp' => $1 });
                         }
+                else {
+                    # New line - new device (disallow, if no either fan or voltage data)
+                    $a = 0 if (/^\s*$/);
+                    # Device has either fan or voltage data (sign of CPU)
+                    $a = 1 if (/fan[\d+]:\s+[0-9]+\s+RPM/i ||
+                                /in[\d+]:\s+[\+\-0-9\.]+\s+V/i);
+                    # Get odd output like in #1253
+                    if ($a && /temp(\d+):\s+([\+\-][0-9\.]+)\s+.*?[=+].*?\)/) {
+                            # Adjust to start from `0` as all other outputs
+                            push(@rv, { 'core' => (int($1) - 1),
+                                        'temp' => $2 });
+                            }
+                        }
                 }
         close($fh);
         }

setup.sh

@@ -159,11 +159,6 @@ if [ "$upgrading" = 1 ]; then
 	atboot=`grep "^atboot=" $config_dir/miniserv.conf | sed -e 's/atboot=//g'`
 	inetd=`grep "^inetd=" $config_dir/miniserv.conf | sed -e 's/inetd=//g'`
 
-	if [ "$inetd" != "1" ]; then
-		# Stop old version
-		$config_dir/stop >/dev/null 2>&1
-	fi
-
 	# Copy files to target directory
 	if [ "$wadir" != "$srcdir" ]; then
 		echo "Copying files to $wadir .."
@@ -625,15 +620,18 @@ echo "pidfile=\`grep \"^pidfile=\" $config_dir/miniserv.conf | sed -e 's/pidfile
 echo "pid=\`cat \$pidfile\`" >>$config_dir/stop
 echo "if [ \"\$pid\" != \"\" ]; then" >>$config_dir/stop
 echo "  kill \$pid || exit 1" >>$config_dir/stop
-echo "  sleep 1" >>$config_dir/stop
-echo "  (kill -9 -- -\$pid || kill -9 \$pid) 2>/dev/null" >>$config_dir/stop
+echo "  touch $var_dir/stop-flag" >>$config_dir/stop
+echo "  if [ \"\$1\" = \"--kill\" ]; then" >>$config_dir/stop
+echo "    sleep 2" >>$config_dir/stop
+echo "    (kill -9 -- -\$pid || kill -9 \$pid) 2>/dev/null" >>$config_dir/stop
+echo "  fi" >>$config_dir/stop
 echo "  exit 0" >>$config_dir/stop
 echo "else" >>$config_dir/stop
 echo "  exit 1" >>$config_dir/stop
 echo "fi" >>$config_dir/stop
 
 echo "#!/bin/sh" >>$config_dir/restart
-echo "$config_dir/stop && $config_dir/start" >>$config_dir/restart
+echo "$config_dir/stop --kill && $config_dir/start" >>$config_dir/restart
 
 echo "#!/bin/sh" >>$config_dir/reload
 echo "echo Reloading Webmin server in $wadir" >>$config_dir/reload
@@ -644,6 +642,11 @@ chmod 755 $config_dir/start $config_dir/stop $config_dir/restart $config_dir/rel
 echo "..done"
 echo ""
 
+if [ "$upgrading" = 1 -a "$inetd" != "1" ]; then
+	# Stop old version, with updated stop script
+	$config_dir/stop >/dev/null 2>&1
+fi
+
 if [ "$upgrading" = 1 ]; then
 	echo "Updating config files.."
 else

software/do_install.cgi

@@ -13,6 +13,10 @@ else {
 	&ui_print_header(undef, $text{'do_title'}, "");
 	}
 
+# Save this CGI from being killed by a webmin or apache upgrade
+$SIG{'TERM'} = 'IGNORE';
+$SIG{'PIPE'} = 'IGNORE';
+
 @packages = &file_packages($in{'file'});
 if (defined(&install_packages) && @packages > 1) {
 	# Can install everything in one hit

time/time-lib.pl

@@ -46,6 +46,11 @@ if (&has_command("ntpdate")) {
 elsif (&has_command("sntp")) {
 	$out = &backquote_logged("sntp -s $servs 2>&1");
 	}
+elsif (&has_command("chronyc")) {
+	$out = &backquote_logged("systemctl restart chronyd 2>&1");
+	$out .= &backquote_logged("chronyc makestep 2>&1");
+	sleep 5;
+	}
 else {
 	$out = "Missing ntpdate and sntp commands";
 	$? = 1;

version

@@ -1 +1 @@
-1.951
+1.954

webmin-init

@@ -39,11 +39,6 @@ stop)
 	if [ "$RETVAL" = "0" ]; then
 		rm -f $LOCKFILE
 	fi
-	pidfile=`grep "^pidfile=" $CONFFILE | sed -e 's/pidfile=//g'`
-	if [ "$pidfile" = "" ]; then
-		pidfile=$PIDFILE
-	fi
-	rm -f $pidfile
 	;;
 status)
 	pidfile=`grep "^pidfile=" $CONFFILE | sed -e 's/pidfile=//g'`

webmin/lang/af.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Kon nie die privaat sleutel genereer nie : $1
 letsencrypt_enative=Die inheemse Let's Encrypt-kliënt (certbot) is voorheen op hierdie stelsel gebruik en moet gebruik word vir alle toekomstige sertifikaatversoeke
 letsencrypt_eacmedns=Slegs die amptelike Let's Encrypt-kliënt ondersteun DNS-gebaseerde validering
 announce_hide=Verberg hierdie aankondiging
+alert_hide=Versteek waarskuwing

webmin/lang/ar.auto

@@ -982,3 +982,4 @@ letsencrypt_ekeygen=Failed to generate private key : $1
 letsencrypt_enative=تم استخدام عميل Let's Encrypt الأصلي (certbot) مسبقًا على هذا النظام ، ويجب استخدامه لجميع طلبات الشهادات المستقبلية
 letsencrypt_eacmedns=يدعم العميل Let's Encrypt فقط التحقق القائم على DNS
 announce_hide=إخفاء هذا الإعلان
+alert_hide=إخفاء التنبيه

webmin/lang/be.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Не атрымалася згенераваць прыва
 letsencrypt_enative=Родны кліент Let's Encrypt (certbot) раней выкарыстоўваўся ў гэтай сістэме і павінен выкарыстоўвацца для ўсіх будучых запытаў сертыфікатаў
 letsencrypt_eacmedns=Толькі афіцыйны кліент Let's Encrypt падтрымлівае праверку на аснове DNS
 announce_hide=Схавайце гэтую аб'яву
+alert_hide=Схаваць апавяшчэнне

webmin/lang/bg.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Неуспешно генериране на частен к
 letsencrypt_enative=Нативният клиент Let's Encrypt (certbot) беше използван преди това в тази система и трябва да се използва за всички бъдещи заявки за сертификати
 letsencrypt_eacmedns=Само официалният клиент Let's Encrypt поддържа валидиране на DNS
 announce_hide=Скриване на това съобщение
+alert_hide=Скриване на предупреждение

webmin/lang/ca.auto

@@ -7,3 +7,4 @@ ipkey_eip2="$1" no és una adreça IP o un nom d'amfitrió vàlids
 advanced_sortconfigs=Voleu desar els fitxers de configuració ordenats per les seves claus?
 letsencrypt_certbot=Certbot
 letsencrypt_eacmedns=Només el client Let's Encrypt oficial és compatible amb la validació basada en DNS
+alert_hide=Amaga l'alerta

webmin/lang/cs.auto

@@ -366,3 +366,4 @@ letsencrypt_ekeygen=Generování soukromého klíče se nezdařilo : $1
 letsencrypt_enative=V tomto systému byl dříve použit nativní klient Encrypt (certbot) a musí být použit pro všechny budoucí žádosti o certifikát
 letsencrypt_eacmedns=Pouze oficiální klient Let's Encrypt podporuje ověření založené na DNS
 announce_hide=Skrýt toto oznámení
+alert_hide=Skrýt upozornění

webmin/lang/da.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Kunne ikke generere privat nøgle : $1
 letsencrypt_enative=Den oprindelige Let's Encrypt-klient (certbot) blev tidligere brugt på dette system og skal bruges til alle fremtidige certifikatanmodninger
 letsencrypt_eacmedns=Kun den officielle Let's Encrypt-klient understøtter DNS-baseret validering
 announce_hide=Skjul denne meddelelse
+alert_hide=Skjul advarsel

webmin/lang/de.auto

@@ -1 +1,2 @@
 letsencrypt_eacmedns=Nur der offizielle Let's Encrypt-Client unterstützt die DNS-basierte Validierung
+alert_hide=Warnung ausblenden

webmin/lang/el.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Αποτυχία δημιουργίας ιδιωτικού
 letsencrypt_enative=Ο εγγεγραμμένος χρήστης Let's Encrypt (certbot) χρησιμοποιήθηκε στο παρελθόν σε αυτό το σύστημα και πρέπει να χρησιμοποιηθεί για όλα τα μελλοντικά αιτήματα πιστοποιητικών
 letsencrypt_eacmedns=Μόνο ο επίσημος πελάτης Let's Encrypt υποστηρίζει επικύρωση βάσει DNS
 announce_hide=Απόκρυψη της Ανακοίνωσης
+alert_hide=Απόκρυψη ειδοποίησης

webmin/lang/en

@@ -1156,5 +1156,6 @@ letsencrypt_enative=The native Let's Encrypt client (certbot) was used previousl
 letsencrypt_eacmedns=Only the offical Let's Encrypt client supports DNS-based validation
 
 announce_hide=Hide This Announcement
+alert_hide=Hide Alert
 
 __norefs=1

webmin/lang/es.auto

@@ -548,3 +548,4 @@ letsencrypt_ekeygen=Error al generar la clave privada : $1
 letsencrypt_enative=El cliente nativo Let's Encrypt (certbot) se usó anteriormente en este sistema y debe usarse para todas las solicitudes de certificados futuras
 letsencrypt_eacmedns=Solo el cliente oficial Let's Encrypt admite la validación basada en DNS
 announce_hide=Ocultar este anuncio
+alert_hide=Ocultar alerta

webmin/lang/eu.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Ezin izan da gako pribatua sortzen : $1
 letsencrypt_enative=Let's Encrypt bezero jatorria (certbot) lehenago erabili zen sistema honetan eta etorkizunean ziurtagiri-eskaera guztietarako erabili behar da
 letsencrypt_eacmedns=Letrak Encrypt bezero ofizialak soilik onartzen ditu DNSetan oinarritutako balioztapena
 announce_hide=Ezkutatu iragarki hau
+alert_hide=Alerta ezkutatu

webmin/lang/fa.auto

@@ -588,3 +588,4 @@ letsencrypt_ekeygen=Failed to generate private key : $1
 letsencrypt_enative=مشتری بومی Let Encrypt (certbot) قبلاً در این سیستم استفاده شده بود ، و باید برای کلیه درخواست های گواهی آینده مورد استفاده قرار گیرد
 letsencrypt_eacmedns=فقط مشتری رسمی Letry Encrypt از اعتبار سنجی مبتنی بر DNS پشتیبانی می کند
 announce_hide=پنهان کردن این اعلامیه
+alert_hide=هشدار را مخفی کنید

webmin/lang/fi.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Yksityisen avaimen luonti epäonnistui : $1
 letsencrypt_enative=Alkuperäistä Let's Encrypt -asiakasta (certbot) käytettiin aiemmin tässä järjestelmässä, ja sitä on käytettävä kaikkiin tuleviin varmennepyyntöihin
 letsencrypt_eacmedns=Vain virallinen Let's Encrypt -asiakas tukee DNS-pohjaista validointia
 announce_hide=Piilota tämä ilmoitus
+alert_hide=Piilota hälytys

webmin/lang/fr.auto

@@ -562,3 +562,4 @@ letsencrypt_ekeygen=Impossible de générer la clé privée : $1
 letsencrypt_enative=Le client natif Let's Encrypt (certbot) a été utilisé précédemment sur ce système et doit être utilisé pour toutes les futures demandes de certificat
 letsencrypt_eacmedns=Seul le client officiel Let's Encrypt prend en charge la validation basée sur DNS
 announce_hide=Masquer cette annonce
+alert_hide=Masquer l'alerte

webmin/lang/he.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Failed to generate private key : $1
 letsencrypt_enative=לקוח Let's Encrypt המקורי (certbot) שימש בעבר במערכת זו, ויש להשתמש בו לכל בקשות האישור העתידיות
 letsencrypt_eacmedns=רק לקוח Let's Encrypt הרשמי תומך באימות מבוסס DNS
 announce_hide=הסתר את ההודעה הזו
+alert_hide=הסתר התראה

webmin/lang/hr.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Generiranje privatnog ključa nije uspjelo : $1
 letsencrypt_enative=Izvorni klijent Let's Encrypt klijent (certbot) prethodno se koristio u ovom sustavu i mora se koristiti za sve buduće zahtjeve certifikata.
 letsencrypt_eacmedns=Samo službeni klijent Let's Encrypt klijent podržava provjeru utemeljenu na DNS-u
 announce_hide=Sakrij ovu najavu
+alert_hide=Sakrij upozorenje

webmin/lang/hu.auto

@@ -1005,3 +1005,4 @@ letsencrypt_ekeygen=Nem sikerült létrehozni a privát kulcsot : $1
 letsencrypt_enative=A natív Let's Encrypt klienst (certbot) korábban használták a rendszerben, és azt minden jövőbeli tanúsítványkéréshez használni kell
 letsencrypt_eacmedns=Csak a hivatalos Let's Encrypt kliens támogatja a DNS-alapú érvényesítést
 announce_hide=Elrejteni ezt a bejelentést
+alert_hide=Alert elrejtése

webmin/lang/it.auto

@@ -366,3 +366,4 @@ letsencrypt_ekeygen=Generazione della chiave privata non riuscita : $1
 letsencrypt_enative=Il client Let's Encrypt nativo (certbot) è stato utilizzato in precedenza su questo sistema e deve essere utilizzato per tutte le richieste di certificati future
 letsencrypt_eacmedns=Solo il client Let's Encrypt ufficiale supporta la convalida basata su DNS
 announce_hide=Nascondi questo annuncio
+alert_hide=Nascondi avviso

webmin/lang/ja.auto

@@ -165,3 +165,4 @@ letsencrypt_ekeygen=秘密鍵の生成に失敗しました：$1
 letsencrypt_enative=ネイティブのLet's Encryptクライアント（certbot）はこのシステムで以前に使用されたものであり、将来のすべての証明書要求に使用する必要があります
 letsencrypt_eacmedns=公式のLet's EncryptクライアントのみがDNSベースの検証をサポートします
 announce_hide=このお知らせを非表示
+alert_hide=アラートを非表示

webmin/lang/ko.auto

@@ -360,3 +360,4 @@ letsencrypt_ekeygen=개인 키를 생성하지 못했습니다  : $1
 letsencrypt_enative=기본 Let 's Encrypt 클라이언트 (certbot)는이 시스템에서 이전에 사용되었으며 향후 모든 인증서 요청에 사용해야합니다.
 letsencrypt_eacmedns=공식적인 Let 's Encrypt 클라이언트 만이 DNS 기반 유효성 검사를 지원합니다
 announce_hide=이 공지 숨기기
+alert_hide=경고 숨기기

webmin/lang/lt.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Nepavyko sugeneruoti privataus rakto : $1
 letsencrypt_enative=Gimtasis „Encrypt“ klientas (certbot) anksčiau buvo naudojamas šioje sistemoje ir turi būti naudojamas visoms būsimoms sertifikatų užklausoms
 letsencrypt_eacmedns=Tik oficialus „Encrypt“ klientas palaiko DNS pagrįstą patvirtinimą
 announce_hide=Slėpti šį skelbimą
+alert_hide=Slėpti perspėjimą

webmin/lang/lv.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Neizdevās ģenerēt privātu atslēgu : $1
 letsencrypt_enative=Vietējais klientu šifrēšanas klients (certbot) iepriekš tika izmantots šajā sistēmā, un tas ir jāizmanto visiem turpmākajiem sertifikātu pieprasījumiem
 letsencrypt_eacmedns=Tikai uz oficiālu klientu šifrēšanas klientu tiek atbalstīta uz DNS balstīta validācija
 announce_hide=Slēpt šo sludinājumu
+alert_hide=Slēpt brīdinājumu

webmin/lang/ms.auto

@@ -101,3 +101,4 @@ letsencrypt_ekeygen=Gagal menjana kunci peribadi : $1
 letsencrypt_enative=Native Encrypt native (certbot) asli digunakan sebelum ini pada sistem ini, dan mesti digunakan untuk semua permintaan sijil masa depan
 letsencrypt_eacmedns=Hanya klien Let's Encrypt yang sah yang menyokong pengesahan berasaskan DNS
 announce_hide=Sembunyikan Pengumuman Ini
+alert_hide=Sembunyikan Makluman

webmin/lang/mt.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Ma rnexxielux jiġġenera ċavetta privata : $1
 letsencrypt_enative=Il-klijent indiġenu Let's Encrypt (certbot) kien użat qabel fuq din is-sistema, u għandu jintuża għat-talbiet taċ-ċertifikati futuri kollha
 letsencrypt_eacmedns=Il-klijent uffiċjal Ejja Encrypt jappoġġja validazzjoni bbażata fuq id-DNS
 announce_hide=Aħbi din it-Tħabbira
+alert_hide=Aħbi Twissija

webmin/lang/nl.auto

@@ -196,3 +196,4 @@ letsencrypt_ekeygen=Kan privésleutel niet genereren : $1
 letsencrypt_enative=De native Let's Encrypt-client (certbot) werd eerder op dit systeem gebruikt en moet worden gebruikt voor alle toekomstige certificaataanvragen
 letsencrypt_eacmedns=Alleen de officiële Let's Encrypt-client ondersteunt DNS-validatie
 announce_hide=Deze aankondiging verbergen
+alert_hide=Melding verbergen

webmin/lang/no.auto

@@ -25,3 +25,4 @@ letsencrypt_doingdns=Be om et nytt sertifikat for $1 ved å bruke DNS-validering
 letsencrypt_echain2=Kjedet sertifikat lastet ned fra $1 er tomt
 letsencrypt_eacmedns=Bare den offisielle Let's Encrypt-klienten støtter DNS-basert validering
 announce_hide=Skjul kunngjøringen
+alert_hide=Skjul varsel

webmin/lang/pl.auto

@@ -78,3 +78,4 @@ letsencrypt_ekeygen=Nie udało się wygenerować klucza prywatnego : $1
 letsencrypt_enative=Natywny klient Let's Encrypt (certbot) był wcześniej używany w tym systemie i musi być używany do wszystkich przyszłych żądań certyfikatów
 letsencrypt_eacmedns=Tylko oficjalny klient Let's Encrypt obsługuje sprawdzanie poprawności na podstawie DNS
 announce_hide=Ukryj to ogłoszenie
+alert_hide=Ukryj alert

webmin/lang/pt.auto

@@ -607,3 +607,4 @@ letsencrypt_ekeygen=Falha ao gerar a chave privada : $1
 letsencrypt_enative=O cliente Let's Encrypt criptografado (certbot) foi usado anteriormente neste sistema e deve ser usado para todas as solicitações futuras de certificado
 letsencrypt_eacmedns=Somente o cliente oficial Let's Encrypt suporta validação baseada em DNS
 announce_hide=Ocultar este anúncio
+alert_hide=Ocultar alerta

webmin/lang/pt_BR.auto

@@ -284,3 +284,4 @@ letsencrypt_ekeygen=Falha ao gerar a chave privada : $1
 letsencrypt_enative=O cliente Let's Encrypt criptografado (certbot) foi usado anteriormente neste sistema e deve ser usado para todas as solicitações futuras de certificado
 letsencrypt_eacmedns=Somente o cliente oficial Let's Encrypt suporta validação baseada em DNS
 announce_hide=Ocultar este anúncio
+alert_hide=Ocultar alerta

webmin/lang/ro.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Eroare la generarea cheii private : $1
 letsencrypt_enative=Clientul Let's Encrypt (certificbot) nativ a fost folosit anterior pe acest sistem și trebuie utilizat pentru toate viitoarele solicitări de certificare
 letsencrypt_eacmedns=Doar clientul Offical Let's Encrypt acceptă validarea bazată pe DNS
 announce_hide=Ascundeți acest anunț
+alert_hide=Ascundeți alerta

webmin/lang/ru.auto

@@ -302,3 +302,4 @@ letsencrypt_ekeygen=Не удалось сгенерировать закрыт
 letsencrypt_enative=Собственный клиент Let's Encrypt (certbot) ранее использовался в этой системе и должен использоваться для всех будущих запросов на сертификат
 letsencrypt_eacmedns=Только официальный клиент Let's Encrypt поддерживает проверку на основе DNS
 announce_hide=Скрыть это объявление
+alert_hide=Скрыть оповещение

webmin/lang/sk.auto

@@ -435,3 +435,4 @@ letsencrypt_ekeygen=Nepodarilo sa vygenerovať súkromný kľúč : $1
 letsencrypt_enative=Natívny klient šifrovania Let (Encyptuj) (certbot) bol predtým použitý v tomto systéme a musí byť použitý pre všetky budúce žiadosti o certifikáty
 letsencrypt_eacmedns=Iba oficiálny klient Poďme šifrovať podporuje overovanie založené na DNS
 announce_hide=Skryť toto oznámenie
+alert_hide=Skryť upozornenie

webmin/lang/sl.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Ni bilo mogoče ustvariti zasebnega ključa : $1
 letsencrypt_enative=Domači odjemalec Let's Encrypt (certbot) je bil prej uporabljen v tem sistemu in ga je treba uporabiti za vse prihodnje zahteve za potrdila
 letsencrypt_eacmedns=Samo uradni odjemalec Let's Encrypt podpira preverjanje na podlagi DNS
 announce_hide=Skrij to obvestilo
+alert_hide=Skrij opozorilo

webmin/lang/sv.auto

@@ -836,3 +836,4 @@ letsencrypt_ekeygen=Det gick inte att generera privat nyckel : $1
 letsencrypt_enative=Den ursprungliga Let's Encrypt-klienten (certbot) användes tidigare i detta system och måste användas för alla framtida certifikatbegäranden
 letsencrypt_eacmedns=Endast den officiella Let's Encrypt-klienten stöder DNS-baserad validering
 announce_hide=Dölj detta tillkännagivande
+alert_hide=Dölj varning

webmin/lang/th.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=ไม่สามารถสร้างคีย์ส่
 letsencrypt_enative=ไคลเอ็นต์ Let's Encrypt ดั้งเดิม (certbot) ถูกใช้ก่อนหน้านี้ในระบบนี้และต้องใช้สำหรับการร้องขอใบรับรองในอนาคตทั้งหมด
 letsencrypt_eacmedns=ไคลเอนต์ Let's Encrypt อย่างเป็นทางการเท่านั้นที่รองรับการตรวจสอบความถูกต้องของ DNS
 announce_hide=ซ่อนประกาศนี้
+alert_hide=ซ่อนการแจ้งเตือน

webmin/lang/tr.auto

@@ -617,3 +617,4 @@ letsencrypt_ekeygen=Özel anahtar oluşturulamadı : $1
 letsencrypt_enative=Yerel Let's Encrypt istemcisi (certbot) daha önce bu sistemde kullanıldı ve gelecekteki tüm sertifika istekleri için kullanılmalıdır
 letsencrypt_eacmedns=Yalnızca resmi Let's Encrypt istemcisi DNS tabanlı doğrulamayı destekler
 announce_hide=Bu Duyuruyu Gizle
+alert_hide=Uyarıyı Gizle

webmin/lang/uk.auto

@@ -711,3 +711,4 @@ letsencrypt_ekeygen=Не вдалося генерувати приватний
 letsencrypt_enative=Рідний клієнт Let's Encrypt клієнт (certbot) раніше використовувався в цій системі і повинен використовуватися для всіх майбутніх запитів сертифікатів
 letsencrypt_eacmedns=Тільки офіційний клієнт Let's Encrypt підтримує перевірку на основі DNS
 announce_hide=Сховати це оголошення
+alert_hide=Сховати сповіщення

webmin/lang/ur.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Failed to generate private key : $1
 letsencrypt_enative=مقامی لیٹ انکرپٹ کلائنٹ (سیرٹبوٹ) پہلے اس سسٹم میں استعمال ہوتا تھا ، اور آئندہ سرٹیفکیٹ کی تمام درخواستوں کے ل used اسے استعمال کیا جانا چاہئے
 letsencrypt_eacmedns=صرف آفیسیکل چلو انکرپٹ کلائنٹ DNS پر مبنی توثیق کی حمایت کرتا ہے
 announce_hide=اس اعلان کو چھپائیں
+alert_hide=الرٹ چھپائیں

webmin/lang/vi.auto

@@ -1101,3 +1101,4 @@ letsencrypt_ekeygen=Không thể tạo khóa riêng : $1
 letsencrypt_enative=Ứng dụng khách Encrypt gốc (certbot) đã được sử dụng trước đây trên hệ thống này và phải được sử dụng cho tất cả các yêu cầu chứng chỉ trong tương lai
 letsencrypt_eacmedns=Chỉ ứng dụng khách Encrypt chính thức mới hỗ trợ xác thực dựa trên DNS
 announce_hide=Ẩn thông báo này
+alert_hide=Ẩn thông báo

webmin/lang/zh.auto

@@ -781,3 +781,4 @@ letsencrypt_ekeygen=无法生成私钥：$1
 letsencrypt_enative=本地的Let's Encrypt客户端（certbot）先前在此系统上使用，并且必须用于以后的所有证书请求
 letsencrypt_eacmedns=仅官方的Let's Encrypt客户端支持基于DNS的验证
 announce_hide=隐藏此公告
+alert_hide=隐藏警报

webmin/lang/zh_TW.auto

@@ -650,3 +650,4 @@ letsencrypt_ekeygen=無法生成私鑰：$1
 letsencrypt_enative=本地的Let's Encrypt客戶端（certbot）先前在此系統上使用，並且必須用於以後的所有證書請求
 letsencrypt_eacmedns=僅官方的Let's Encrypt客戶端支持基於DNS的驗證
 announce_hide=隱藏此公告
+alert_hide=隱藏警報

webmin/letsencrypt-lib.pl

@@ -99,7 +99,8 @@ if ($mode eq "web") {
 	my @st = stat($webroot);
 	my $user = getpwuid($st[4]);
 	if (!-d $challenge) {
-		my $cmd = "mkdir -p -m 755 ".quotemeta($challenge);
+		my $cmd = "mkdir -p -m 755 ".quotemeta($challenge).
+			  " && chmod 755 ".quotemeta($wellknown);
 		if ($user && $user ne "root") {
 			$cmd = &command_as_user($user, 0, $cmd);
 			}

webmin/webmin-lib.pl

@@ -85,6 +85,8 @@ our $first_install_file = "$config_directory/first-install";
 
 our $hidden_announce_file = "$module_config_directory/announce-hidden";
 
+our $postpone_reboot_required = "$module_var_directory/postpone-reboot-required";
+
 =head2 setup_ca
 
 Internal function to create all the configuration files needed for the Webmin
@@ -1318,12 +1320,23 @@ if (&foreign_available($module_name) && !$noupdates &&
 # Reboot needed
 if (&foreign_check("package-updates") && &foreign_available("init")) {
 	&foreign_require("package-updates");
-	if (&package_updates::check_reboot_required()) {
+	my $allow_reboot_required = 1;
+	if (-r $postpone_reboot_required) {
+		my $uptime = &get_system_uptime();
+		my $lastreboot = $uptime ? time()-$uptime : undef;
+		if ($lastreboot) {
+			my @prr = stat($postpone_reboot_required);
+			if ($lastreboot < $prr[9]) {
+				$allow_reboot_required = 0;
+				}
+			}
+		}
+	if (&package_updates::check_reboot_required() && $allow_reboot_required) {
 		push(@notifs,
-		     &ui_form_start("$gconfig{'webprefix'}/init/reboot.cgi",
-				    "form-data").
-		     $text{'notif_reboot'}."<p>\n".
-		     &ui_form_end([ [ undef, $text{'notif_rebootok'} ] ]));
+			&ui_form_start("$gconfig{'webprefix'}/init/reboot.cgi").
+			$text{'notif_reboot'}."<p>\n".
+			&ui_form_end([ [ undef, $text{'notif_rebootok'} ],
+					[ 'removenotify', $text{'alert_hide'} ] ]));
 		}
 	}
 
@@ -1866,8 +1879,10 @@ while(<OUT>) {
 		}
 	}
 close(OUT);
-$rv{'type'} = $rv{'o'} eq $rv{'issuer_o'} ? $text{'ssl_typeself'}
-					  : $text{'ssl_typereal'};
+if ($rv{'o'} && $rv{'issuer_o'}) {
+	$rv{'type'} = $rv{'o'} eq $rv{'issuer_o'} ? $text{'ssl_typeself'}
+						  : $text{'ssl_typereal'};
+	}
 return \%rv;
 }