Major version bump

Fix to restart correct PHP-FPM service

README.md

@@ -29,7 +29,7 @@ Webmin can be installed in two different ways:
  1. By downloading a pre-built package, available for different distributions (CentOS, Fedora, SuSE, Mandriva, Debian, Ubuntu, Solaris and [other](http://www.webmin.com/support.html)) from our [download page](http://webmin.com/download.html);
   <kbd>Note: It is highly recommended to [add repository](https://doxfer.webmin.com/Webmin/Installation) to your system for having automatic updates.</kbd>
 
- 2. By downloading, extracting [source file](https://prdownloads.sourceforge.net/webadmin/webmin-1.982.tar.gz), and running [_setup.sh_](http://www.webmin.com/tgz.html) script, with no arguments, which will setup to run it directly from this directory, or with a command-line argument, such as targeted directory.
+ 2. By downloading, extracting [source file](https://prdownloads.sourceforge.net/webadmin/webmin-1.990.tar.gz), and running [_setup.sh_](http://www.webmin.com/tgz.html) script, with no arguments, which will setup to run it directly from this directory, or with a command-line argument, such as targeted directory.
   <kbd>Note: If you are installing Webmin [on Windows](http://www.webmin.com/windows.html) system, you must run the command `perl setup.pl` instead. The Windows version depends on several programs, and modules that may not be part of the standard distribution. You will need _process.exe_ commmand, _sc.exe_ command, and _Win32::Daemon_ Perl module.</kbd>
 
 ## Documentation

SECURITY.md

@@ -0,0 +1,23 @@
+## Reporting Security Issues
+
+Please send all reports of security issues found in Webmin to security@webmin.com
+via email, ideally PGP encrypted with the key from https://www.webmin.com/jcameron-key.asc .
+
+Potential security issues, in descending order of impact, include :
+
+* Remotely exploitable attacks that allow `root` access to Webmin without
+  any credentials.
+
+* Privilege escalation vulnerabilities that allow non-`root` users of Webmin
+  to run commands or access files as `root`.
+
+* XSS attacks that target users already logged into Webmin when they visit
+  another website.
+
+Things that are not actually security issues include :
+
+* XSS attacks that are blocked by Webmin's referrer checks, which are enabled
+  by default.
+
+* Attacks that require modifications to Webmin's code or configuration, which
+  can only be done by someone who already has `root` permissions.

acl/acl-lib.pl

@@ -651,7 +651,7 @@ else {
 	my $deny = $user->{'deny'};
 	$deny =~ s/:/;/g if ($deny);
 	foreach my $l (@pwfile) {
-		if ($l =~ /^([^:]+):([^:]*)/ && $1 eq $username) {
+		if ($l =~ /^([^:]+):([^:\r\n]*)/ && $1 eq $username) {
 			&add_old_password($user, "$2", \%miniserv);
 			&print_tempfile($fh,
 				$user->{'name'},":",
@@ -1953,6 +1953,7 @@ return 1 if ($found >= 0);		# Already setup
 
 # Grant access to the user and path
 &lock_file(&get_miniserv_config_file());
+$user ||= '';
 push(@anon, "$path=$user");
 $miniserv->{'anonymous'} = join(" ", @anon);
 &put_miniserv_config($miniserv);

apache/apache-lib.pl

@@ -2168,23 +2168,6 @@ foreach my $l (@{$conf_lref}) {
 if ($conf_block_opening == $conf_block_closing) {
 
     my $conf_lvl = 0;
-    my $conf_prev_line;
-    my $conf_curr_line;
-    my $conf_virthost;
-    my @confs_separate =
-           (
-           	'Protocols',
-           	'SuexecUserGroup',
-           	'ServerName',
-           	'ScriptAlias',
-           	'DocumentRoot',
-           	'ErrorLog',
-           	'DirectoryIndex',
-           	'Alias',
-           	'RewriteEngine',
-           	'Fcgid',
-           	'SSL',
-           );
     foreach my $l (@{$conf_lref}) {
         my $indent_current = $indent x $conf_lvl;
 
@@ -2194,59 +2177,20 @@ if ($conf_block_opening == $conf_block_closing) {
             # Indent up next line if a new block
             if ($l =~ /(<[a-zA-Z]+).*>/) {
                 $conf_lvl++;
-                if ($l =~ /(<VirtualHost).*>/) {
-                	$conf_virthost++;
-                	}
                 }
 
             # Indent down next line if a closing block
             if ($l =~ /(<\/[a-zA-Z]+).*>/) {
                 $conf_lvl--;
 
-                if ($l =~ /(<\/VirtualHost).*>/) {
-                	$conf_virthost--;
-                	}
-
                 # Change current indent right now as it is a closing block
                 $indent_current = $indent x $conf_lvl;
                 }
             }
 
-        # Store previous and current lines
-        $conf_prev_line = &trim($conf_curr_line);
-        $conf_curr_line = &trim($l);
-
         # Replace beginning spaces with needed indent
         $l =~ s/^\s*/$indent_current/
             if($l);
-        
-
-        # Check if current line needs to be prepended
-        # with a new line for better readability
-        if (!$config{'format_config_lines'}) {
-            # Allow new line insertion only inside of VirtualHost block
-            if ($conf_virthost) {
-                # If current line is not part of a commented block
-                if ($conf_curr_line !~ /^\s*#/) {
-                    # If previous line is not already an empty line
-                    if (length($conf_prev_line)) {
-                        # If the previous line was something 
-                        # we want to take a break before and after match
-                        if (grep {$conf_curr_line =~ /^$_/} @confs_separate &&
-                            grep {$conf_prev_line !~ /^$_/} @confs_separate) {
-                        	# If not the first directive in VirtualHost
-                        	if($conf_prev_line !~ /(^<VirtualHost).*>/) {
-                            	$l = "\n$l"
-                        		}
-                            }
-                        # If current is opening block
-                        elsif ($conf_curr_line =~ /(^<[a-zA-Z]+).*>/) {
-                            $l = "\n$l";
-                            }
-                        }
-                    }
-                }
-            }
         }
     }
 }

apache/create_virt.cgi

@@ -217,15 +217,17 @@ push(@mems, @cmems);
 
 if ($in{'adddir'} && $in{'root'}) {
 	# Add a <Directory> section for the root
+	my @dmems;
+	if ($httpd_modules{'core'} < 2.4) {
+		push(@dmems, { 'name' => 'allow',
+			       'value' => 'from all' });
+		}
+	push(@dmems, { 'name' => 'Options',
+		       'value' => 'None' });
 	$dirsect = { 'name' => 'Directory',
 		     'value' => "\"$in{'root'}\"",
 		     'type' => 1,
-		     'members' => [
-			{ 'name' => 'allow',
-			  'value' => 'from all' },
-			{ 'name' => 'Options',
-			  'value' => 'None' },
-			],
+		     'members' => \@dmems,
 		   };
 	if ($httpd_modules{'core'} >= 2.4) {
 		# Apache 2.4+ needs a 'Require all granted' line

bandwidth/acl_security.pl

@@ -5,17 +5,16 @@ do 'bandwidth-lib.pl';
 # Output HTML for editing security options for the acl module
 sub acl_security_form
 {
-print "<tr> <td><b>$text{'acl_setup'}</b></td> <td>\n";
-printf "<input type=radio name=setup value=1 %s> $text{'yes'}\n",
-	$o->{'setup'} ? 'checked' : '';
-printf "<input type=radio name=setup value=0 %s> $text{'no'}</td> </tr>\n",
-	$o->{'setup'} ? '' : 'checked';
+my ($o) = @_;
+print &ui_table_row($text{'acl_setup'},
+	&ui_yesno_radio("setup", $o->{'setup'}));
 }
 
 # acl_security_save(&options)
 # Parse the form for security options for the acl module
 sub acl_security_save
 {
-$_[0]->{'setup'} = $in{'setup'};
+my ($o) = @_;
+$o->{'setup'} = $in{'setup'};
 }
 

bandwidth/bandwidth-lib.pl

@@ -8,12 +8,12 @@
 BEGIN { push(@INC, ".."); };
 use WebminCore;
 &init_config();
-if (&foreign_installed("syslog-ng")) {
-	&foreign_require("syslog-ng", "syslog-ng-lib.pl");
+if (&foreign_installed("syslog-ng", 1) == 2) {
+	&foreign_require("syslog-ng");
 	$syslog_module = "syslog-ng";
 	}
 elsif (&foreign_installed("syslog")) {
-	&foreign_require("syslog", "syslog-lib.pl");
+	&foreign_require("syslog");
 	$syslog_module = "syslog";
 	}
 else {

bandwidth/index.cgi

@@ -124,54 +124,47 @@ elsif ($missingrule || !$sysconf) {
 if (@hours) {
 	# Show reporting form
 	print &ui_form_start("index.cgi");
-	print "<table>\n";
+	print &ui_table_start(undef, undef, 2);
 
-	print "<tr> <td><b>$text{'index_by'}</b></td>\n";
-	print "<td>",&ui_select("by", $in{'by'},
-		[ [ 'hour', $text{'index_hour'} ],
-		  [ 'day', $text{'index_day'} ],
-		  [ 'host', $text{'index_host'} ],
-		  [ 'proto', $text{'index_proto'} ],
-		  [ 'iport', $text{'index_iport'} ],
-		  [ 'oport', $text{'index_oport'} ],
-		  [ 'port', $text{'index_port'} ] ]),"</td>\n";
+	print &ui_table_row($text{'index_by'},
+		&ui_select("by", $in{'by'},
+			[ [ 'hour', $text{'index_hour'} ],
+			  [ 'day', $text{'index_day'} ],
+			  [ 'host', $text{'index_host'} ],
+			  [ 'proto', $text{'index_proto'} ],
+			  [ 'iport', $text{'index_iport'} ],
+			  [ 'oport', $text{'index_oport'} ],
+			  [ 'port', $text{'index_port'} ] ]));
 
-	print "<td><b>$text{'index_for'}</b></td>\n";
-	print "<td>",&ui_select("for", $in{'for'},
-		[ [ '', $text{'index_all'} ],
-		  [ 'host', $text{'index_forhost'} ],
-		  [ 'proto', $text{'index_forproto'} ],
-		  [ 'iport', $text{'index_foriport'} ],
-		  [ 'oport', $text{'index_foroport'} ] ]),"\n";
-	print &ui_textbox("what", $in{'for'} ? $in{'what'} : "", 20),
-	      "</td> </tr>\n";
+	print &ui_table_row($text{'index_for'},
+		&ui_select("for", $in{'for'},
+			[ [ '', $text{'index_all'} ],
+			  [ 'host', $text{'index_forhost'} ],
+			  [ 'proto', $text{'index_forproto'} ],
+			  [ 'iport', $text{'index_foriport'} ],
+			  [ 'oport', $text{'index_foroport'} ] ])." ".
+		&ui_textbox("what", $in{'for'} ? $in{'what'} : "", 20));
 
-	print "<tr> <td><b>$text{'index_from'}</b></td>\n";
-	print "<td colspan=4>",
+	print &ui_table_row($text{'index_from'},
 		&date_input($in{'from_day'}, $in{'from_month'},
-			    $in{'from_year'}, "from"),
-		&hourmin_input($in{'from_hour'}, "00", "from"),"</td> </tr>\n";
+			    $in{'from_year'}, "from").
+		&hourmin_input($in{'from_hour'}, "00", "from"));
 
-	print "<tr> <td><b>$text{'index_to'}</b></td>\n";
-	print "<td colspan=4>",
+	print &ui_table_row($text{'index_to'},
 		&date_input($in{'to_day'}, $in{'to_month'},
-			    $in{'to_year'}, "to"),
-		&hourmin_input($in{'to_hour'}, "00", "to"),"</td> </tr>\n";
+			    $in{'to_year'}, "to").
+		&hourmin_input($in{'to_hour'}, "00", "to"));
 
 	if (!%in) {
 		# Enable by default
 		$in{'low'} = 1;
 		}
-	print "<tr> <td></td> <td colspan=4>\n";
-	print &ui_checkbox("low", 1, $text{'index_low'}, $in{'low'});
-	print &ui_checkbox("resolv", 1, $text{'index_resolv'}, $in{'resolv'});
-	print "</td> </tr>\n";
+	print &ui_table_row("",
+		&ui_checkbox("low", 1, $text{'index_low'}, $in{'low'}).
+		&ui_checkbox("resolv", 1, $text{'index_resolv'}, $in{'resolv'}));
 
-	print "<tr> <td colspan=4>",
-		&ui_submit($text{'index_search'}),"</td> </td>\n";
-
-	print "</table>\n";
-	print &ui_form_end();
+	print &ui_table_end();
+	print &ui_form_end([ [ undef, $text{'index_search'} ] ]);
 	}
 elsif (!$missingrule && $sysconf) {
 	print "<b>$text{'index_none'}</b><p>\n";
@@ -344,37 +337,45 @@ if ($in{'by'}) {
 		@order = grep { $count{$_} } @order;
 		}
 	if (@order) {
-		print "<table width=100% cellpadding=0 cellspacing=0>\n";
-		print "<tr>\n";
-		print "<td><b>",$text{'index_h'.$in{'by'}},"</b></td>\n";
-		print "<td colspan=2><b>$text{'index_usage'}</b></td>\n";
-		print "</tr>\n";
-		$total = 0;
+		print &ui_columns_start([ $text{'index_h'.$in{'by'}},
+					  $text{'index_usage'},
+					  $text{'index_in'},
+					  $text{'index_out'},
+					  $text{'index_total'} ], 100, 0);
+		$itotal = $ototal = $total = 0;
 		foreach $k (@order) {
-			print "<tr>\n";
+			my @cols;
 			if ($in{'by'} eq 'hour') {
-				print "<td>",&make_date($k*60*60),"</td>\n";
+				push(@cols, &make_date($k*60*60));
 				}
 			elsif ($in{'by'} eq 'day') {
 				$date = &make_date_day($k*60*60);
-				print "<td>$date</td>\n";
+				push(@cols, $date);
 				}
 			else {
-				print "<td>$k</td>\n";
+				push(@cols, $k);
 				}
-			print "<td>";
-			printf "<img src=images/red.gif width=%d height=10>",
+			my $bar = sprintf
+				"<img src=images/red.gif width=%d height=10>",
 				$max ? int($width * $icount{$k}/$max)+1 : 1;
-			printf "<img src=images/blue.gif width=%d height=10>",
+			$bar .= sprintf
+				"<img src=images/blue.gif width=%d height=10>",
 				$max ? int($width * $ocount{$k}/$max)+1 : 1;
-			print "</td>";
-			print "<td>",&nice_size($count{$k}),"</td>\n";
+			push(@cols, $bar);
+			push(@cols, &nice_size($icount{$k}),
+				    &nice_size($ocount{$k}),
+				    &nice_size($count{$k}));
 			$total += $count{$k};
+			$itotal += $icount{$k};
+			$ototal += $ocount{$k};
 			print "</tr>\n";
+			print &ui_columns_row(\@cols);
 			}
-		print "<tr> <td colspan=2></td> <td><b>",
-		&nice_size($total),"</td> </tr>\n";
-		print "</table>\n";
+		print &ui_columns_row([ undef, undef,
+					&nice_size($itotal),
+					&nice_size($ototal),
+					&nice_size($total) ]);
+		print &ui_columns_end();
 		}
 	else {
 		print "<b>$text{'index_nomatch'}</b><p>\n";

bandwidth/lang/en

@@ -41,6 +41,9 @@ index_efrom=Invalid starting date and time
 index_eto=Invalid ending date and time
 index_err=Failed to generate report
 index_usage=Network traffic <font color=#ff0000>downloaded</font> and <font color=#0000ff>uploaded</font>
+index_in=Download
+index_out=Upload
+index_total=Total
 index_hhour=Hour
 index_hhost=Host
 index_hday=Day

bind8/bind8-lib.pl

@@ -1281,6 +1281,14 @@ elsif ($type eq "DMARC") {
 	print &ui_table_row($text{'value_dmarcruf'},
 	    &ui_opt_textbox("dmarcruf", $ruf, 50, $text{'value_dmarcnor'}), 3);
 
+	print &ui_table_row($text{'value_dmarcrf'},
+		&ui_select("dmarcrf", $dmarc->{'rf'},
+			   [ [ undef, $text{'default'} ],
+			     [ 'afrf', $text{'value_dmarcafrf'} ] ]));
+
+	print &ui_table_row($text{'value_dmarcri'},
+		&ui_textbox("dmarcri", $dmarc->{'ri'}, 5)."s");
+
 	print &ui_table_row($text{'value_dmarcfo'},
 		&ui_select("dmarcfo", $dmarc->{'fo'},
 			   [ [ undef, $text{'default'} ],
@@ -1310,18 +1318,42 @@ elsif ($type eq "NSEC3PARAM") {
 	}
 elsif ($type eq "CAA") {
 	# CAA records have a flag, tag and issuer domain
-	print &ui_table_row($text{'value_CAA0'},
+	print &ui_table_row($text{'value_CAA1'},
 		&ui_yesno_radio("value0", $v[0] || 0));
 
-	print &ui_table_row($text{'value_CAA1'},
+	print &ui_table_row($text{'value_CAA2'},
 		&ui_select("value1", $v[1],
 			   [ [ "issue", $text{'value_caa_issue'} ],
 			     [ "issuewild", $text{'value_caa_issuewild'} ],
 			     [ "iodef", $text{'value_caa_iodef'} ] ]));
 
-	print &ui_table_row($text{'value_CAA2'},
+	print &ui_table_row($text{'value_CAA3'},
 		&ui_textbox("value2", $v[2], 40));
 	}
+elsif ($type eq "NAPTR") {
+	# NAPTR records have order, preference, flags, services and regexp
+	print &ui_table_row($text{'value_NAPTR1'},
+		&ui_textbox("value0", $v[0], 5));
+
+	print &ui_table_row($text{'value_NAPTR2'},
+		&ui_textbox("value1", $v[1], 5));
+
+	my %flags = map { $_, 1 } split(//, $v[2]);
+	my @fopts = ("S", "A", "U", "P");
+	print &ui_table_row($text{'value_NAPTR3'},
+		join(" ", map { &ui_checkbox("value2", $_, $text{'value_NAPTR3_'.$_}, $flags{$_})."<br>" } @fopts));
+
+	print &ui_table_row($text{'value_NAPTR4'},
+		&ui_textbox("value3", $v[3], 40), 3);
+
+	print &ui_table_row($text{'value_NAPTR5'},
+		&ui_opt_textbox("value4", $v[4], 50,
+				$text{'value_NAPTR5_def'}), 3);
+
+	print &ui_table_row($text{'value_NAPTR6'},
+		&ui_opt_textbox("value5", $v[5] eq "." ? "" : $v[5], 50,
+				$text{'value_NAPTR6_def'}), 3);
+	}
 else {
 	# All other types just have a text box
 	print &ui_table_row($text{'value_other'},
@@ -2983,7 +3015,7 @@ $slave_error = $_[0];
 
 sub get_forward_record_types
 {
-return ("A", "NS", "CNAME", "MX", "HINFO", "TXT", "SPF", "DMARC", "WKS", "RP", "PTR", "LOC", "SRV", "KEY", "TLSA", "SSHFP", "CAA", "NSEC3PARAM", $config{'support_aaaa'} ? ( "AAAA" ) : ( ), @extra_forward);
+return ("A", "NS", "CNAME", "MX", "HINFO", "TXT", "SPF", "DMARC", "WKS", "RP", "PTR", "LOC", "SRV", "KEY", "TLSA", "SSHFP", "CAA", "NAPTR", "NSEC3PARAM", $config{'support_aaaa'} ? ( "AAAA" ) : ( ), @extra_forward);
 }
 
 sub get_reverse_record_types
@@ -3333,6 +3365,7 @@ if (!$single) {
 
 # Add the new DNSKEY record(s) to the zone
 my $chrootfn = &get_zone_file($z);
+$chrootfn || return "Could not work out records file!";
 my @recs = &read_zone_file($chrootfn, $dom);
 for(my $i=$#recs; $i>=0; $i--) {
 	if ($recs[$i]->{'type'} eq 'DNSKEY') {
@@ -3487,7 +3520,7 @@ while($tries++ < 10) {
 	$out = &backquote_logged(
 		"cd ".quotemeta($dir)." && ".
 		"$config{'signzone'} -o ".quotemeta($dom).
-		($alg =~ /^NSEC3/ ? " -3 -" : "").
+		($alg =~ /^(NSEC3|RSASHA256|RSASHA512|ECCGOST|ECDSAP256SHA256|ECDSAP384SHA384)/ ? " -3 -" : "").
 		" -f ".quotemeta($signed)." ".
 		quotemeta($chrootfn)." 2>&1");
 	last if (!$?);

bind8/edit_record.cgi

@@ -28,6 +28,6 @@ my $desc = &text('edit_header', &zone_subhead($zone));
 &ui_print_footer("", $text{'index_return'},
 	"edit_$type.cgi?zone=$in{'zone'}&view=$in{'view'}",
 	$text{'recs_return'},
-	"edit_recs.cgi?zone=$in{'zone'}&type=$in{'type'}",
+	"edit_recs.cgi?zone=$in{'zone'}&view=$in{'view'}&type=$in{'type'}",
 	$text{'edit_return'});
 

bind8/edit_recs.cgi

@@ -90,7 +90,7 @@ my %hmap;
 if (@recs) {
 	@recs = &sort_records(@recs);
 	foreach my $v (sort { $a cmp $b } keys %text) {
-		if ($v =~ /^value_([A-Z0-9]+)(\d+)/) {
+		if ($v =~ /^value_([A-Z0-9]+)(\d+)$/) {
 			$hmap{$1}->[$2-1] = $text{$v};
 			}
 		}

bind8/lang/af.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Rapporteer as DKIM en SPF misluk het
 value_dmarcfo1=Rapporteer as DKIM of SPF misluk het
 value_dmarcfod=Rapporteer as handtekeningevaluering misluk het
 value_dmarcfos=Rapporteer as SPF-evaluering misluk het
-value_CAA0=Vereis afdwinging?
 value_CAA1=Vereis afdwinging?
 value_CAA2=Magtigingstipe
+value_CAA3=CA domeinnaam
 value_caa_issue=Enkele domein sertifikaat
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=URL vir beleidskending

bind8/lang/ar.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=أبلغ في حالة فشل DKIM و SPF
 value_dmarcfo1=أبلغ في حالة فشل DKIM أو SPF
 value_dmarcfod=أبلغ في حالة فشل تقييم التوقيع
 value_dmarcfos=أبلغ في حالة فشل تقييم نظام التعرف على هوية المرسل (SPF)
-value_CAA0=هل تتطلب التنفيذ؟
-value_CAA1=تتطلب التنفيذ؟
+value_CAA1=هل تتطلب التنفيذ؟
 value_CAA2=نوع التفويض
+value_CAA3=اسم المجال CA
 value_caa_issue=سيرت مجال واحد
 value_caa_issuewild=شهادة البدل
 value_caa_iodef=عنوان URL لانتهاك السياسة

bind8/lang/be.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Паведаміць, калі DKIM і SPF не атрымала
 value_dmarcfo1=Паведаміце, калі не атрымалася альбо DKIM, альбо SPF
 value_dmarcfod=Паведаміць, калі ацэнка подпісаў не атрымалася
 value_dmarcfos=Паведаміць, калі ацэнка SPF не атрымалася
-value_CAA0=Патрабаваць выканання?
-value_CAA1=Патрабуе выканання?
-value_CAA2=Тып дазволу
+value_CAA1=Патрабаваць выканання?
+value_CAA2=Тып аўтарызацыі
+value_CAA3=CA даменнае імя
 value_caa_issue=Адзін дамен серт
 value_caa_issuewild=Уайлдкард cert
 value_caa_iodef=URL парушэння палітыкі

bind8/lang/bg.auto

@@ -16,9 +16,9 @@ value_dmarcfo0=Отчетете, ако DKIM и SPF не са успели
 value_dmarcfo1=Отчетете, ако DKIM или SPF не са успели
 value_dmarcfod=Отчетете, ако оценката на подпис не е успешна
 value_dmarcfos=Отчетете, ако оценката на SPF не е успешна
-value_CAA0=Изискване на изпълнение?
-value_CAA1=Искате прилагане?
-value_CAA2=Тип на разрешение
+value_CAA1=Изискване на изпълнение?
+value_CAA2=Тип разрешение
+value_CAA3=CA име на домейн
 value_caa_issue=Серт за един домейн
 value_caa_issuewild=Уайлдкард сертификат
 value_caa_iodef=URL адрес на нарушение на правилата

bind8/lang/ca.auto

@@ -21,9 +21,9 @@ value_dmarcfo0=Informeu si DKIM i SPF han fallat
 value_dmarcfo1=Informeu si DKIM o SPF han fallat
 value_dmarcfod=Informeu si l’avaluació de la signatura ha fallat
 value_dmarcfos=Informeu si l’avaluació SPF ha fallat
-value_CAA0=Requereix execució?
-value_CAA1=Necessiteu fer complir el compliment?
+value_CAA1=Requereix execució?
 value_CAA2=Tipus d'autorització
+value_CAA3=Nom de domini CA
 value_caa_issue=Cert domini únic
 value_caa_issuewild=Certificat de comodins
 value_caa_iodef=URL de violació de la política

bind8/lang/cs.auto

@@ -129,9 +129,9 @@ value_dmarcfo0=Hlášení, pokud selhaly DKIM a SPF
 value_dmarcfo1=Hlášení, pokud selhaly DKIM nebo SPF
 value_dmarcfod=Nahlásit, pokud se vyhodnocení podpisu nezdařilo
 value_dmarcfos=Hlášení, pokud se hodnocení SPF nezdařilo
-value_CAA0=Vyžadovat vymáhání?
 value_CAA1=Vyžadovat vymáhání?
 value_CAA2=Typ oprávnění
+value_CAA3=Název domény CA
 value_caa_issue=Osvědčení o jedné doméně
 value_caa_issuewild=Zástupný certifikát
 value_caa_iodef=Adresa URL pro porušení zásad

bind8/lang/da.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Rapporter, hvis DKIM og SPF mislykkedes
 value_dmarcfo1=Rapporter, hvis enten DKIM eller SPF mislykkedes
 value_dmarcfod=Rapporter, hvis signaturevaluering mislykkedes
 value_dmarcfos=Rapporter, hvis SPF-evaluering mislykkedes
-value_CAA0=Kræver håndhævelse?
-value_CAA1=Kræver fuldbyrdelse?
-value_CAA2=Godkendelsestype
+value_CAA1=Kræver håndhævelse?
+value_CAA2=Autorisationstype
+value_CAA3=CA domænenavn
 value_caa_issue=Enkelt domæne cert
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=URL-adresse til overtrædelse af politik

bind8/lang/de

@@ -512,13 +512,9 @@ value_dmarcruf=Sende forensische Informationen an
 value_dmarcsp=Regeln für Subdomains
 value_dmarcnop=Gleiche wie diese Domain
 value_dmarcaspf=Erfordert strikt SPF alignment
-value_dmarcadkim=Require strict DKIM alignment
 value_dmarcnor=Sende nicht
-value_CAA1=Require enforcement?
-value_CAA2=Authorization type
 value_caa_issue=Single domain cert
 value_caa_issuewild=Wildcard cert
-value_caa_iodef=Policy violation URL
 
 tlsa_usage0=Zertifizierungsstelle
 tlsa_usage1=End entity
@@ -1158,7 +1154,6 @@ dt_zone_already=Die Zone scheint unterzeichnet wurden zu sein, aber benutzt nich
 dt_zone_desc=Diese Zone hat noch nicht bisher DNSSEC aktiviert. Sie können dieses Formular nutzen, um Webmin mit DNSSEC-Tools automatisieren, so dass die Clients der Zone durch dieser Zone gegen DNS-Spoofing-Attacken geschützt sind.
 dt_zone_header=Zone DNSSEC-Tools Optionen
 dt_zone_dne=Authentifizierter Denial of Existence
-dt_zone_enable=DNSSEC Automation
 dt_zone_disable=Deaktiviere DNSSEC
 dt_zone_disabledesc=Entfernt diese Zone aus der Liste der Zonen, die durch DNSSEC-Tools für die Zone-Signierung und Schlüsselaustausch verwaltet werden.
 dt_zone_err=DNSSEC Operation fehlgeschlagen

bind8/lang/de.auto

@@ -3,12 +3,17 @@ master_inview=$1 im Blick $2
 delete_vwarn=Diese Zone ist der Virtualmin-Domäne $1 zugeordnet und sollte daher hier nicht gelöscht werden!
 
 delete_vwarn2=Diese Zone ist mit den Virtualmin-Domänen $1 und $2 anderer verknüpft und sollte daher hier nicht gelöscht werden!
+
+value_dmarcadkim=Erfordert eine strikte DKIM-Ausrichtung
 value_dmarcfo=Fehlermeldemodus
 value_dmarcfo0=Melden, wenn DKIM und SPF fehlgeschlagen sind
 value_dmarcfo1=Melden, wenn entweder DKIM oder SPF fehlgeschlagen sind
 value_dmarcfod=Melden, wenn die Signaturauswertung fehlgeschlagen ist
 value_dmarcfos=Melden, wenn die SPF-Bewertung fehlgeschlagen ist
-value_CAA0=Durchsetzung erforderlich?
+value_CAA1=Durchsetzung erforderlich?
+value_CAA2=Berechtigungstyp
+value_CAA3=CA-Domänenname
+value_caa_iodef=URL für Richtlinienverstoß
 
 log_forward=Vorwärtszone $1 erstellt
 log_delegation=Erstellen Sie eine Nur-Delegierungszone $1
@@ -18,3 +23,5 @@ log_dnssec=Ändern Sie die Neuunterzeichnung des DNSSEC-Schlüssels
 
 massdelete_vwarn=Einige Zonen sind der Virtualmin-Domäne $1 zugeordnet und sollten daher hier nicht gelöscht werden!
 massdelete_vwarn2=Einige Zonen sind der Virtualmin-Domäne $1 und $2 zugeordnet, andere sollten daher hier nicht gelöscht werden!
+
+dt_zone_enable=DNSSEC-Automatisierung

bind8/lang/el.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Αναφέρετε εάν το DKIM και το SPF απέτυχ
 value_dmarcfo1=Αναφορά εάν απέτυχε είτε το DKIM είτε το SPF
 value_dmarcfod=Αναφέρετε εάν η αξιολόγηση υπογραφής απέτυχε
 value_dmarcfos=Αναφέρετε εάν η αξιολόγηση SPF απέτυχε
-value_CAA0=Απαιτείται επιβολή;
-value_CAA1=Απαιτείται η εφαρμογή;
+value_CAA1=Απαιτείται επιβολή;
 value_CAA2=Τύπος εξουσιοδότησης
+value_CAA3=Όνομα τομέα CA
 value_caa_issue=Έλεγχος ενός τομέα
 value_caa_issuewild=Χαρακτηριστικά μπαλαντέρ
 value_caa_iodef=Διεύθυνση URL παραβίασης πολιτικής

bind8/lang/en

@@ -313,6 +313,10 @@ edit_edmarcpct=Percentage of messages must be an integer between 0 and 100
 edit_edmarcrua=Missing aggregate feedback address
 edit_edmarcruf=Missing forensic information address
 edit_ecaavalue2=Missing or invalid-looking domain name
+edit_enaptrvalue0=Record order must be a number
+edit_enaptrvalue1=Record preference must be a number
+edit_enaptrvalue3=Missing services field
+edit_enaptrvalue4=Only one of the regexp and replacement fields can be set
 
 text_title=Edit Records File
 text_title2=View Records File
@@ -403,6 +407,7 @@ type_SRV=Service Address
 type_ALL=All Record Types
 type_KEY=Public Key
 type_CAA=Certificate Authority
+type_NAPTR=Name Authority Pointer
 
 edit_A=Address
 edit_AAAA=IPv6 Address
@@ -423,6 +428,7 @@ edit_NSEC3PARAM=DNSSEC Parameters
 edit_TLSA=SSL Certificate
 edit_SSHFP=SSH Public Key
 edit_CAA=Certificate Authority
+edit_NAPTR=Name Authority Pointer
 
 recs_defttl=Default TTL
 recs_A=Address
@@ -445,6 +451,7 @@ recs_NSEC3PARAM=DNSSEC Parameters
 recs_TLSA=SSL Certificate
 recs_SSHFP=SSH Public Key
 recs_CAA=Certificate Authority
+recs_NAPTR=Name Authority
 recs_delete=Delete Selected
 
 value_A1=Address
@@ -522,12 +529,27 @@ value_dmarcfo0=Report if DKIM and SPF failed
 value_dmarcfo1=Report if either DKIM or SPF failed
 value_dmarcfod=Report if signature evaluation failed
 value_dmarcfos=Report if SPF evaluation failed
-value_CAA0=Require enforcement? 
-value_CAA1=Authorization type
-value_CAA2=CA domain name
+value_CAA1=Require enforcement? 
+value_CAA2=Authorization type
+value_CAA3=CA domain name
 value_caa_issue=Single domain cert
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=Policy violation URL
++value_dmarcri=Reporting interval
++value_dmarcrf=Report format
++value_dmarcafrf=Authentication Failure Reporting Format
+value_NAPTR1=Order
+value_NAPTR2=Preference
+value_NAPTR3=Flags
+value_NAPTR4=Services
+value_NAPTR5=Regexp
+value_NAPTR5_def=None (use replacement)
+value_NAPTR6=Replacement
+value_NAPTR6_def=None (use regexp)
+value_NAPTR3_S=Lookup SRV record next
+value_NAPTR3_A=Lookup A or AAAA record next
+value_NAPTR3_U=Use regexp output next
+value_NAPTR3_P=Protocol-specific action
 
 tlsa_usage0=Certificate authority
 tlsa_usage1=End entity

bind8/lang/es.auto

@@ -181,9 +181,9 @@ value_dmarcfo0=Informar si DKIM y SPF fallaron
 value_dmarcfo1=Informar si fallaron DKIM o SPF
 value_dmarcfod=Informar si la evaluación de la firma falló
 value_dmarcfos=Informar si la evaluación del SPF falló
-value_CAA0=¿Requerir cumplimiento?
-value_CAA1=¿Requerir ejecución?
+value_CAA1=¿Requerir cumplimiento?
 value_CAA2=Tipo de autorización
+value_CAA3=Nombre de dominio de CA
 value_caa_issue=Certificado de dominio único
 value_caa_issuewild=Cert comodín
 value_caa_iodef=URL de infracción de política

bind8/lang/eu.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Jakinarazi DKIM eta SPFek huts egin dutela
 value_dmarcfo1=Jakinarazi DKIMek edo SPFek huts egin badute
 value_dmarcfod=Eman sinadurak ebaluatzeak huts egin badu
 value_dmarcfos=Jakinarazi SPF ebaluazioak huts egin badu
-value_CAA0=Betearazpena eskatu?
-value_CAA1=Betearaztea eskatzen al duzu?
+value_CAA1=Betearazpena eskatzen al duzu?
 value_CAA2=Baimen mota
+value_CAA3=CA domeinu-izena
 value_caa_issue=Domeinu bakarreko ziurtagiria
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=Politika urratzeko URLa

bind8/lang/fa.auto

@@ -162,9 +162,9 @@ value_dmarcfo0=در صورت خرابی DKIM و SPF گزارش دهید
 value_dmarcfo1=در صورت خرابی DKIM یا SPF گزارش دهید
 value_dmarcfod=اگر ارزیابی امضا ناموفق بود گزارش دهید
 value_dmarcfos=در صورت عدم موفقیت در ارزیابی SPF ، گزارش دهید
-value_CAA0=نیاز به اجرا دارد؟
-value_CAA1=اجرای احتیاج دارید؟
+value_CAA1=نیاز به اجرا دارد؟
 value_CAA2=نوع مجوز
+value_CAA3=نام دامنه CA
 value_caa_issue=گواهینامه دامنه تک
 value_caa_issuewild=گواهینامه Wildcard
 value_caa_iodef=URL نقض خط مشی

bind8/lang/fi.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Ilmoita, jos DKIM ja SPF epäonnistuivat
 value_dmarcfo1=Ilmoita, jos joko DKIM tai SPF epäonnistui
 value_dmarcfod=Ilmoita, jos allekirjoituksen arviointi epäonnistui
 value_dmarcfos=Ilmoita, jos SPF-arviointi epäonnistui
-value_CAA0=Vaaditaanko täytäntöönpanoa?
 value_CAA1=Vaaditaanko täytäntöönpanoa?
-value_CAA2=Valtuutuksen tyyppi
+value_CAA2=Valtuutustyyppi
+value_CAA3=CA-verkkotunnuksen nimi
 value_caa_issue=Yhden verkkotunnuksen sertifikaatti
 value_caa_issuewild=Jokerimerkki
 value_caa_iodef=Käytäntöloukkauksen URL-osoite

bind8/lang/fr

@@ -517,8 +517,6 @@ value_dmarcnop=Identique à ce domaine
 value_dmarcaspf=Exiger un alignement SPF strict
 value_dmarcadkim=Exiger un alignement DKIM strict
 value_dmarcnor=N'envoyez pas
-value_CAA1=Exiger l'application?
-value_CAA2=Type d'autorisation
 value_caa_issue=CERT de domaine unique
 value_caa_issuewild=Certificat générique
 value_caa_iodef=URL de violation des règles

bind8/lang/fr.auto

@@ -3,4 +3,6 @@ value_dmarcfo0=Signaler si DKIM et SPF ont échoué
 value_dmarcfo1=Signaler si DKIM ou SPF a échoué
 value_dmarcfod=Signaler si l'évaluation de la signature a échoué
 value_dmarcfos=Signaler si l'évaluation SPF a échoué
-value_CAA0=Exiger l'exécution?
+value_CAA1=Exiger l'exécution?
+value_CAA2=Type d'autorisation
+value_CAA3=nom de domaine CA

bind8/lang/he.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=דווח אם DKIM ו- SPF נכשלו
 value_dmarcfo1=דווח אם DKIM או SPF נכשלו
 value_dmarcfod=דווח אם הערכת החתימה נכשלה
 value_dmarcfos=דווח אם הערכת SPF נכשלה
-value_CAA0=לדרוש אכיפה?
-value_CAA1=דורשים אכיפה?
+value_CAA1=לדרוש אכיפה?
 value_CAA2=סוג הרשאה
+value_CAA3=שם דומיין CA
 value_caa_issue=אישור תחום בודד
 value_caa_issuewild=אישור Wildcard
 value_caa_iodef=כתובת אתר להפרת מדיניות

bind8/lang/hr.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Prijavite ako DKIM i SPF nisu uspjeli
 value_dmarcfo1=Prijavite ako DKIM ili SPF nisu uspjeli
 value_dmarcfod=Prijavite ako procjena potpisa nije uspjela
 value_dmarcfos=Prijavite ako SPF procjena nije uspjela
-value_CAA0=Zahtijevati ovrhu?
-value_CAA1=Zahtijevate izvršenje?
+value_CAA1=Zahtijevati ovrhu?
 value_CAA2=Vrsta autorizacije
+value_CAA3=Naziv CA domene
 value_caa_issue=Cert jednog domena
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=URL za kršenje pravila

bind8/lang/hu.auto

@@ -86,9 +86,9 @@ value_dmarcfo0=Jelentés, ha a DKIM és az SPF nem sikerült
 value_dmarcfo1=Jelentse, ha a DKIM vagy az SPF nem sikerült
 value_dmarcfod=Jelentés, ha az aláírás kiértékelése sikertelen volt
 value_dmarcfos=Jelentés, ha az SPF értékelése nem sikerült
-value_CAA0=Végrehajtást igényel?
 value_CAA1=Végrehajtást igényel?
 value_CAA2=Engedély típusa
+value_CAA3=CA domain név
 value_caa_issue=Egy domain tanúsítvány
 value_caa_issuewild=Helyettesítő karakter
 value_caa_iodef=Az irányelv megsértésének URL-je

bind8/lang/it.auto

@@ -209,9 +209,9 @@ value_dmarcfo0=Segnala se DKIM e SPF non sono riusciti
 value_dmarcfo1=Segnala se DKIM o SPF non sono riusciti
 value_dmarcfod=Segnala se la valutazione della firma non è riuscita
 value_dmarcfos=Segnala se la valutazione SPF non è riuscita
-value_CAA0=Richiedere l'applicazione?
-value_CAA1=Richiede l'applicazione?
+value_CAA1=Richiedere l'applicazione?
 value_CAA2=Tipo di autorizzazione
+value_CAA3=Nome di dominio della CA
 value_caa_issue=Cert dominio singolo
 value_caa_issuewild=Cert jolly
 value_caa_iodef=URL di violazione delle norme

bind8/lang/ja.auto

@@ -104,9 +104,9 @@ value_dmarcfo0=DKIMとSPFが失敗したかどうかを報告する
 value_dmarcfo1=DKIM または SPF のいずれかが失敗した場合に報告する
 value_dmarcfod=署名の評価が失敗した場合に報告する
 value_dmarcfos=SPF 評価に失敗した場合のレポート
-value_CAA0=施行が必要ですか？
-value_CAA1=施行が必要ですか？
-value_CAA2=認証タイプ
+value_CAA1=強制が必要ですか？
+value_CAA2=承認タイプ
+value_CAA3=CAドメイン名
 value_caa_issue=単一ドメイン証明書
 value_caa_issuewild=ワイルドカード証明書
 value_caa_iodef=ポリシー違反URL

bind8/lang/ko.auto

@@ -278,9 +278,9 @@ value_dmarcfo0=DKIM 및 SPF 실패 여부보고
 value_dmarcfo1=DKIM 또는 SPF가 실패한 경우보고
 value_dmarcfod=서명 평가 실패시보고
 value_dmarcfos=SPF 평가 실패시보고
-value_CAA0=시행이 필요하십니까?
-value_CAA1=집행이 필요합니까?
-value_CAA2=인증 유형
+value_CAA1=시행이 필요하십니까?
+value_CAA2=승인 유형
+value_CAA3=CA 도메인 이름
 value_caa_issue=단일 도메인 인증서
 value_caa_issuewild=와일드 카드 인증서
 value_caa_iodef=정책 위반 URL

bind8/lang/lt.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Pranešti, jei nepavyko DKIM ir SPF
 value_dmarcfo1=Pranešti, jei nepavyko DKIM arba SPF
 value_dmarcfod=Pranešti, jei nepavyko įvertinti parašo
 value_dmarcfos=Pranešti, jei nepavyko įvertinti SPF
-value_CAA0=Reikalauti vykdymo?
 value_CAA1=Reikalauti vykdymo?
 value_CAA2=Autorizacijos tipas
+value_CAA3=CA domeno vardas
 value_caa_issue=Vieno domeno sertifikatas
 value_caa_issuewild=Pakaitos sertifikatas
 value_caa_iodef=Politikos pažeidimo URL

bind8/lang/lv.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Ziņot, ja neizdevās DKIM un SPF
 value_dmarcfo1=Ziņot, ja neizdevās vai nu DKIM, vai SPF
 value_dmarcfod=Ziņot, ja paraksta novērtēšana neizdevās
 value_dmarcfos=Ziņot, ja SPF novērtēšana neizdevās
-value_CAA0=Vai pieprasīt izpildi?
 value_CAA1=Vai pieprasīt izpildi?
-value_CAA2=Autorizācijas tips
+value_CAA2=Autorizācijas veids
+value_CAA3=CA domēna vārds
 value_caa_issue=Viena domēna sertifikāts
 value_caa_issuewild=Aizstājējzīmi sert
 value_caa_iodef=Politikas pārkāpuma URL

bind8/lang/ms.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Laporkan jika DKIM dan SPF gagal
 value_dmarcfo1=Laporkan sama ada DKIM atau SPF gagal
 value_dmarcfod=Laporkan jika penilaian tandatangan gagal
 value_dmarcfos=Laporkan jika penilaian SPF gagal
-value_CAA0=Perlukan penguatkuasaan?
-value_CAA1=Memerlukan penguatkuasaan?
+value_CAA1=Perlukan penguatkuasaan?
 value_CAA2=Jenis kebenaran
+value_CAA3=nama domain CA
 value_caa_issue=Perakuan domain tunggal
 value_caa_issuewild=Pensijilan Wildcard
 value_caa_iodef=URL pelanggaran dasar

bind8/lang/mt.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Irrapporta jekk DKIM u SPF fallewx
 value_dmarcfo1=Irrapporta jekk jew DKIM jew SPF fallewx
 value_dmarcfod=Irrapporta jekk l-evalwazzjoni tal-firma falliet
 value_dmarcfos=Irrapporta jekk l-evalwazzjoni SPF falliet
-value_CAA0=Teħtieġ infurzar?
 value_CAA1=Teħtieġ infurzar?
-value_CAA2=Tip ta 'awtorizzazzjoni
+value_CAA2=Tip ta' awtorizzazzjoni
+value_CAA3=Isem tad-dominju CA
 value_caa_issue=Ċert ta 'dominju uniku
 value_caa_issuewild=Ċert tal-wildcard
 value_caa_iodef=URL tal-ksur tal-politika

bind8/lang/nl.auto

@@ -83,9 +83,9 @@ value_dmarcfo0=Rapporteren als DKIM en SPF zijn mislukt
 value_dmarcfo1=Rapporteren als DKIM of SPF is mislukt
 value_dmarcfod=Rapporteren als evaluatie van handtekening is mislukt
 value_dmarcfos=Rapporteren als SPF-evaluatie is mislukt
-value_CAA0=Handhaving nodig?
-value_CAA1=Handhaving vereisen?
-value_CAA2=Autorisatie type
+value_CAA1=Handhaving nodig?
+value_CAA2=Autorisatietype:
+value_CAA3=CA-domeinnaam
 value_caa_issue=Enkel domein cert
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=URL van beleidsschending

bind8/lang/no

@@ -517,8 +517,6 @@ value_dmarcnop=Samme som dette domenet
 value_dmarcaspf=Krev streng SPF justering
 value_dmarcadkim=Krev streng DKIM justering
 value_dmarcnor=Ikke send
-value_CAA1=Krev håndhevelse?
-value_CAA2=Autorisasjonstype
 value_caa_issue=Enkelt-domene sert
 value_caa_issuewild=Wildcard sert
 value_caa_iodef=URL ved brudd på retningslinjer

bind8/lang/no.auto

@@ -3,4 +3,6 @@ value_dmarcfo0=Rapporter om DKIM og SPF mislyktes
 value_dmarcfo1=Rapporter om enten DKIM eller SPF mislyktes
 value_dmarcfod=Rapporter om signaturevaluering mislyktes
 value_dmarcfos=Rapporter om SPF-evaluering mislyktes
-value_CAA0=Krever håndheving?
+value_CAA1=Krever håndheving?
+value_CAA2=Autorisasjonstype
+value_CAA3=CA-domenenavn

bind8/lang/pl.auto

@@ -43,9 +43,9 @@ value_dmarcfo0=Zgłoś, jeśli DKIM i SPF zawiodły
 value_dmarcfo1=Zgłoś, jeśli DKIM lub SPF zawiodły
 value_dmarcfod=Zgłoś, jeśli ocena podpisu nie powiodła się
 value_dmarcfos=Zgłoś, jeśli ocena SPF nie powiodła się
-value_CAA0=Wymagać egzekwowania?
-value_CAA1=Wymagać wykonania?
-value_CAA2=Rodzaj autoryzacji
+value_CAA1=Wymagać egzekwowania?
+value_CAA2=Typ autoryzacji
+value_CAA3=Nazwa domeny CA
 value_caa_issue=Certyfikat jednej domeny
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=URL naruszenia zasad

bind8/lang/pt.auto

@@ -317,9 +317,9 @@ value_dmarcfo0=Informar se DKIM e SPF falharam
 value_dmarcfo1=Informar se DKIM ou SPF falhou
 value_dmarcfod=Reportar se a avaliação da assinatura falhar
 value_dmarcfos=Reportar se a avaliação SPF falhar
-value_CAA0=Requer aplicação?
-value_CAA1=Exigir execução?
+value_CAA1=Requer aplicação?
 value_CAA2=Tipo de autorização
+value_CAA3=Nome de domínio CA
 value_caa_issue=Certificação de domínio único
 value_caa_issuewild=Certificado curinga
 value_caa_iodef=URL de violação da política

bind8/lang/pt_BR.auto

@@ -94,9 +94,9 @@ value_dmarcfo0=Informar se DKIM e SPF falharam
 value_dmarcfo1=Informar se DKIM ou SPF falhou
 value_dmarcfod=Reportar se a avaliação da assinatura falhar
 value_dmarcfos=Reportar se a avaliação SPF falhar
-value_CAA0=Requer aplicação?
-value_CAA1=Exigir execução?
+value_CAA1=Requer aplicação?
 value_CAA2=Tipo de autorização
+value_CAA3=Nome de domínio CA
 value_caa_issue=Certificação de domínio único
 value_caa_issuewild=Certificado curinga
 value_caa_iodef=URL de violação da política

bind8/lang/ro.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Raportați dacă DKIM și SPF au eșuat
 value_dmarcfo1=Raportați dacă DKIM sau SPF au eșuat
 value_dmarcfod=Raportați dacă evaluarea semnăturii a eșuat
 value_dmarcfos=Raportați dacă evaluarea SPF a eșuat
-value_CAA0=Necesită executare?
 value_CAA1=Necesită executare?
-value_CAA2=Tipul de autorizare
+value_CAA2=Tip de autorizare
+value_CAA3=Nume de domeniu CA
 value_caa_issue=Cert domeniu unic
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=URL de încălcare a politicii

bind8/lang/ru.auto

@@ -226,9 +226,9 @@ value_dmarcfo0=Сообщать, если DKIM и SPF не прошли
 value_dmarcfo1=Сообщите, если DKIM или SPF не удалось
 value_dmarcfod=Сообщить, если оценка подписи не удалась
 value_dmarcfos=Сообщить, если оценка SPF не удалась
-value_CAA0=Требовать принудительного исполнения?
-value_CAA1=Требовать исполнения?
+value_CAA1=Требовать принудительного исполнения?
 value_CAA2=Тип авторизации
+value_CAA3=Доменное имя CA
 value_caa_issue=Однодоменный сертификат
 value_caa_issuewild=Подстановочный знак
 value_caa_iodef=URL нарушения политики

bind8/lang/sk.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Hláste, ak zlyhali DKIM a SPF
 value_dmarcfo1=Hláste, ak zlyhali DKIM alebo SPF
 value_dmarcfod=Hlásiť, ak vyhodnotenie podpisu zlyhalo
 value_dmarcfos=Hlásenie, ak zlyhalo vyhodnotenie SPF
-value_CAA0=Vyžadovať presadzovanie?
-value_CAA1=Vyžadovať vymáhanie?
+value_CAA1=Vyžadovať presadzovanie?
 value_CAA2=Typ oprávnenia
+value_CAA3=Názov domény CA
 value_caa_issue=Certifikát s jednou doménou
 value_caa_issuewild=Zástupný znak cert
 value_caa_iodef=Adresa URL na porušenie pravidiel

bind8/lang/sl.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Prijavite, če DKIM in SPF ne uspeta
 value_dmarcfo1=Prijavite, če ni uspel DKIM ali SPF
 value_dmarcfod=Prijavite, če ocena podpisa ni uspela
 value_dmarcfos=Prijavite, če ocena SPF ni uspela
-value_CAA0=Zahtevati izvršbo?
-value_CAA1=Zahtevate izvršbo?
-value_CAA2=Vrsta dovoljenja
+value_CAA1=Zahtevati izvršbo?
+value_CAA2=Vrsta avtorizacije
+value_CAA3=Ime domene CA
 value_caa_issue=Cert enojne domene
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=URL za kršitev pravilnika

bind8/lang/sv.auto

@@ -132,9 +132,9 @@ value_dmarcfo0=Rapportera om DKIM och SPF misslyckades
 value_dmarcfo1=Rapportera om antingen DKIM eller SPF misslyckades
 value_dmarcfod=Rapportera om signaturutvärderingen misslyckades
 value_dmarcfos=Rapportera om SPF-utvärderingen misslyckades
-value_CAA0=Krävs verkställighet?
-value_CAA1=Kräver verkställighet?
-value_CAA2=Tillståndstyp
+value_CAA1=Krävs verkställighet?
+value_CAA2=Behörighetstyp
+value_CAA3=CA-domännamn
 value_caa_issue=Certifikat för en enda domän
 value_caa_issuewild=Wildcard cert
 value_caa_iodef=URL-adress för policyöverträdelse

bind8/lang/th.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=รายงานว่า DKIM และ SPF ล้มเหล
 value_dmarcfo1=รายงานว่า DKIM หรือ SPF ล้มเหลวหรือไม่
 value_dmarcfod=รายงานว่าการประเมินลายเซ็นล้มเหลว
 value_dmarcfos=รายงานว่าการประเมิน SPF ล้มเหลว
-value_CAA0=ต้องบังคับใช้?
-value_CAA1=ต้องการการบังคับใช้หรือไม่
-value_CAA2=ประเภทการอนุญาต
+value_CAA1=ต้องบังคับใช้?
+value_CAA2=ประเภทการให้สิทธิ์
+value_CAA3=ชื่อโดเมน CA
 value_caa_issue=ใบรับรองโดเมนเดียว
 value_caa_issuewild=ไวลด์การ์ดใบรับรอง
 value_caa_iodef=URL การละเมิดนโยบาย

bind8/lang/tr.auto

@@ -134,9 +134,9 @@ value_dmarcfo0=DKIM ve SPF'nin başarısız olup olmadığını bildir
 value_dmarcfo1=DKIM veya SPF başarısız olursa rapor edin
 value_dmarcfod=İmza değerlendirmesi başarısız olursa bildir
 value_dmarcfos=SPF değerlendirmesi başarısız olursa bildir
-value_CAA0=Uygulama gerektiriyor mu?
-value_CAA1=Uygulama mı gerekiyor?
-value_CAA2=Yetkilendirme türü
+value_CAA1=Uygulama gerektiriyor mu?
+value_CAA2=yetkilendirme türü
+value_CAA3=CA alan adı
 value_caa_issue=Tek alan adı sertifikası
 value_caa_issuewild=Joker karakter sertifikası
 value_caa_iodef=Politika ihlali URL'si

bind8/lang/uk.auto

@@ -226,9 +226,9 @@ value_dmarcfo0=Повідомте про помилки DKIM та SPF
 value_dmarcfo1=Повідомте про помилки DKIM або SPF
 value_dmarcfod=Повідомте, якщо оцінка підпису не вдалася
 value_dmarcfos=Повідомте, якщо оцінка SPF не вдалася
-value_CAA0=Вимагати виконання?
-value_CAA1=Вимагаєте примусового виконання?
+value_CAA1=Вимагати виконання?
 value_CAA2=Тип авторизації
+value_CAA3=Доменне ім'я ЦС
 value_caa_issue=Однодоменний сертифікат
 value_caa_issuewild=Уайлдкард серт
 value_caa_iodef=URL-адреса порушення політики

bind8/lang/ur.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=اگر ڈی کے آئی ایم اور ایس پی ایف ناکا
 value_dmarcfo1=اگر DKIM یا SPF ناکام ہوا تو اطلاع دیں
 value_dmarcfod=اگر دستخط کی تشخیص ناکام ہوگئی تو رپورٹ کریں
 value_dmarcfos=اگر SPF تشخیص ناکام ہو گیا تو رپورٹ کریں
-value_CAA0=نفاذ کی ضرورت ہے؟
 value_CAA1=نفاذ کی ضرورت ہے؟
 value_CAA2=اجازت کی قسم
+value_CAA3=CA ڈومین کا نام
 value_caa_issue=ایک ڈومین سند
 value_caa_issuewild=وائلڈ کارڈ سند
 value_caa_iodef=پالیسی کی خلاف ورزی کا URL

bind8/lang/vi.auto

@@ -522,9 +522,9 @@ value_dmarcfo0=Báo cáo nếu DKIM và SPF không thành công
 value_dmarcfo1=Báo cáo nếu DKIM hoặc SPF không thành công
 value_dmarcfod=Báo cáo nếu đánh giá chữ ký không thành công
 value_dmarcfos=Báo cáo nếu đánh giá SPF không thành công
-value_CAA0=Yêu cầu thực thi?
 value_CAA1=Yêu cầu thực thi?
 value_CAA2=Loại ủy quyền
+value_CAA3=Tên miền CA
 value_caa_issue=Chứng chỉ miền đơn
 value_caa_issuewild=Chứng nhận ký tự đại diện
 value_caa_iodef=URL vi phạm chính sách

bind8/lang/zh.auto

@@ -210,9 +210,9 @@ value_dmarcfo0=报告 DKIM 和 SPF 是否失败
 value_dmarcfo1=报告 DKIM 或 SPF 是否失败
 value_dmarcfod=签名评估失败时报告
 value_dmarcfos=报告 SPF 评估是否失败
-value_CAA0=需要执法吗？
-value_CAA1=需要执法？
+value_CAA1=需要执法吗？
 value_CAA2=授权类型
+value_CAA3=CA域名
 value_caa_issue=单域证书
 value_caa_issuewild=通配符证书
 value_caa_iodef=违反政策的网址

bind8/lang/zh_TW.auto

@@ -327,9 +327,9 @@ value_dmarcfo0=報告 DKIM 和 SPF 是否失敗
 value_dmarcfo1=報告 DKIM 或 SPF 是否失敗
 value_dmarcfod=簽名評估失敗時報告
 value_dmarcfos=報告 SPF 評估是否失敗
-value_CAA0=需要執法嗎？
-value_CAA1=需要執法？
+value_CAA1=需要執法嗎？
 value_CAA2=授權類型
+value_CAA3=CA域名
 value_caa_issue=單域證書
 value_caa_issuewild=通配符證書
 value_caa_iodef=違反政策的網址

bind8/records-lib.pl

@@ -478,8 +478,12 @@ sub make_record
 my ($name, $ttl, $cls, $type, $values, $cmt) = @_;
 $type = $type eq "SPF" && !$config{'spf_record'} ? "TXT" :
         $type eq "DMARC" ? "TXT" : $type;
-return $name . ($ttl ? "\t".$ttl : "") . "\t" . $cls . "\t" . $type ."\t" .
-       $values . ($cmt ? "\t;$cmt" : "");
+return $name.
+       (defined($ttl) && $ttl ne "" ? "\t".$ttl : "").
+       "\t".$cls.
+       "\t".$type.
+       "\t".$values.
+       (defined($cmt) && $cmt ne "" ? "\t;$cmt" : "");
 }
 
 # bump_soa_record(file, &records)
@@ -863,7 +867,7 @@ if ($txt =~ /^v=dmarc1/i) {
 	my $dmarc = { };
 	foreach my $w (@w) {
 		$w = lc($w);
-		if ($w =~ /^(v|pct|ruf|rua|p|sp|adkim|aspf|fo)=(\S+)$/i) {
+		if ($w =~ /^(v|pct|ruf|rua|p|sp|adkim|aspf|fo|rf|ri)=(\S+)$/i) {
 			$dmarc->{$1} = $2;
 			}
 		else {
@@ -883,7 +887,7 @@ sub join_dmarc
 {
 my ($dmarc) = @_;
 my @rv = ( "v=DMARC1" );
-foreach my $s ("p", "pct", "ruf", "rua", "sp", "adkim", "aspf", "fo") {
+foreach my $s ("p", "pct", "ruf", "rua", "sp", "adkim", "aspf", "fo", "rf", "ri") {
 	if ($dmarc->{$s} && $dmarc->{$s} ne '') {
 		push(@rv, $s."=".$dmarc->{$s});
 		}
@@ -997,6 +1001,7 @@ if ($z->{'members'}) {
 else {
 	$fn = $z->{'file'};
 	}
+return undef if (!$fn);
 if ($abs) {
 	$fn = &absolute_path($fn);
 	}

bind8/save_record.cgi

@@ -422,6 +422,20 @@ else {
 			$dmarc->{'fo'} = $in{'dmarcfo'};
 			}
 
+		if ($in{'dmarcrf'} eq '') {
+			delete($dmarc->{'rf'});
+			}
+		else {
+			$dmarc->{'rf'} = $in{'dmarcrf'};
+			}
+
+		if ($in{'dmarcri'} eq '') {
+			delete($dmarc->{'ri'});
+			}
+		else {
+			$dmarc->{'ri'} = $in{'dmarcri'};
+			}
+
 		$vals = "\"".&join_dmarc($dmarc)."\"";
 		}
 	elsif ($in{'type'} eq 'NSEC3PARAM') {
@@ -440,6 +454,23 @@ else {
 		$vals = join(" ", $in{'value0'}, $in{'value1'},
 				  "\"$in{'value2'}\"");
 		}
+	elsif ($in{'type'} eq 'NAPTR') {
+		my $flags = join("", split(/\0/, $in{'value2'}));
+		$in{'value0'} =~ /^\d+$/ ||
+			&error($text{'edit_enaptrvalue0'});
+		$in{'value1'} =~ /^\d+$/ ||
+			&error($text{'edit_enaptrvalue1'});
+		$in{'value3'} =~ /^\S+$/ ||
+			&error($text{'edit_enaptrvalue3'});
+		if (!$in{'value4_def'} && !$in{'value5_def'}) {
+			&error($text{'edit_enaptrvalue4'});
+			}
+		$vals = join(" ", $in{'value0'}, $in{'value1'},
+			  "\"$flags\"",
+			  "\"$in{'value3'}\"",
+			  $in{'value4_def'} ? "\"\"" : "\"$in{'value4'}\"",
+			  $in{'value5_def'} ? "." : $in{'value5'});
+		}
 	else {
 		# For other record types, just save the lines
 		$in{'values'} =~ s/\r//g;

bsdfdisk/bsdfdisk-lib.pl

@@ -26,9 +26,9 @@ sub list_disks_partitions
 my @rv;
 
 # Iterate over disk devices
-foreach my $dev (glob("/dev/ada[0-9]"),
-		 glob("/dev/ad[0-9]"),
-		 glob("/dev/da[0-9]")) {
+foreach my $dev (glob("/dev/ada[0-9]"), glob("/dev/ada[0-9][0-9]"),
+		 glob("/dev/ad[0-9]"), glob("/dev/ad[0-9][0-9]"),
+		 glob("/dev/da[0-9]"), glob("/dev/da[0-9][0-9]")) {
 	next if (!-r $dev || -l $dev);
 	my $disk = { 'device' => $dev,
 		     'prefix' => $dev,

cluster-passwd/index.cgi

@@ -39,16 +39,13 @@ if ($config{'max_users'} && @ulist > $config{'max_users'}) {
 	}
 else {
 	# Show as table of users
-	print &ui_table_start($passwd::text{'index_header'}, "width=100%");
+	my @grid;
 	for($i=0; $i<@ulist; $i++) {
-		if ($i%4 == 0) { print "<tr>\n"; }
-		print "<td width=25%><a href=\"edit_passwd.cgi?",
-		      "user=$ulist[$i]->{'user'}\">",
-		      &html_escape($ulist[$i]->{'user'})."</a></td>\n";
-		if ($i%4 == 3) { print "</tr>\n"; }
+		push(@grid, &ui_link("edit_passwd.cgiuser=$ulist[$i]->{'user'}",
+				     &html_escape($ulist[$i]->{'user'})));
 		}
-	while($i++ % 4) { print "<td width=25%></td>\n"; }
-	print &ui_table_end();
+	print &ui_grid_table(\@grid, 4, 100, undef, undef,
+			     $passwd::text{'index_header'});
 	}
 
 &ui_print_footer("/", $text{'index'});

cluster-useradmin/cluster-useradmin-lib.pl

@@ -109,7 +109,10 @@ elsif ($uconfig{'home_style'} == 3) {
 sub server_name
 {
 my ($server) = @_;
-return $server->{'desc'} || $server->{'host'};
+my @w;
+push(@w, $server->{'host'} || &get_system_hostname());
+push(@w, "(".$server->{'desc'}.")") if ($server->{'desc'});
+return join(" ", @w);
 }
 
 # supports_gothers(&server)

cluster-useradmin/edit_host.cgi

@@ -52,23 +52,19 @@ print &ui_buttons_end();
 
 # Show users and groups
 print &ui_hr();
-print &ui_table_start($text{'host_users'}, undef, 2);
 my @ugrid;
 foreach my $u (@{$host->{'users'}}) {
 	push(@ugrid, &ui_link("edit_user.cgi?user=".&urlize($u->{'user'}).
 			      "&host=".&urlize($server->{'id'}), $u->{'user'}));
 	}
-print &ui_table_row(undef, &ui_grid_table(\@ugrid, 4), 2);
-print &ui_table_end();
+print &ui_grid_table(\@ugrid, 4, 100, undef, undef, $text{'host_users'});
 
-print &ui_table_start($text{'host_groups'}, undef, 2);
 my @ggrid;
 foreach $g (@{$host->{'groups'}}) {
 	push(@ggrid, &ui_link("edit_group.cgi?group=".&urlize($g->{'group'}).
 			     "&host=".&urlize($server->{'id'}), $g->{'group'}));
 	}
-print &ui_table_row(undef, &ui_grid_table(\@ggrid, 4), 2);
-print &ui_table_end();
+print &ui_grid_table(\@ggrid, 4, 100, undef, undef, $text{'host_groups'});
 
 &ui_print_footer("", $text{'index_return'});
 

cluster-useradmin/index.cgi

@@ -24,8 +24,7 @@ foreach $h (@hosts) {
 	local ($s) = grep { $_->{'id'} == $h->{'id'} } @servers;
 	next if (!$s);
 	local ($link) = $config{'conf_host_links'} ? "edit_host.cgi?id=$h->{'id'}" : "#";
-	push(@titles, $s->{'desc'} ? $s->{'desc'}
-				   : "$s->{'host'}:$s->{'port'}");
+	push(@titles, &server_name($s));
 	push(@links, $link);
 	push(@icons, &get_webprefix()."/servers/images/".
 		     $s->{'type'}.".gif");
@@ -151,6 +150,8 @@ if (@hosts) {
 			&ui_textbox("what", undef, 15));
 		}
 
+	print &ui_buttons_hr();
+
 	if ($config{'conf_add_user'}) {
 		print &ui_buttons_row("user_form.cgi",
 				      $text{'index_newuser'},
@@ -165,6 +166,8 @@ if (@hosts) {
 				      [ [ "new", 1 ] ]);
 		}
 
+	print &ui_buttons_hr();
+
 	if ($config{'conf_allow_refresh'}) {
 		print &ui_buttons_row("refresh.cgi",
 				      $text{'index_refresh'}, undef, undef,

cluster-useradmin/lang/en

@@ -5,7 +5,7 @@ index_add=Add server
 index_gadd=Add servers in group
 index_users=Users and Groups
 index_return=servers list
-index_refresh=Refresh user and group lists
+index_refresh=Refresh user and group lists on
 index_finduser=Find users whose
 index_findgroup=Find groups whose
 index_newuser=Add User

cluster-usermin/upgrade.cgi

@@ -47,21 +47,21 @@ elsif ($in{'source'} == 2) {
 	close(FILE);
 	unlink($file);
 	if ($in{'mode'} eq 'rpm') {
-		$progress_callback_url = "http://$usermin::update_host/download/rpm/usermin-$site_version-1.noarch.rpm";
+		$progress_callback_url = "http://$usermin::update_host/download/rpm/usermin-${site_version}-1.noarch.rpm";
 		&http_download($usermin::update_host, $usermin::update_port,
-		  "/download/rpm/usermin-$site_version-1.noarch.rpm", $file,
+		  "/download/rpm/usermin-${site_version}-1.noarch.rpm", $file,
 		  \$error, \&progress_callback);
 		}
 	elsif ($in{'mode'} eq 'deb') {
-		$progress_callback_url = "http://$usermin::update_host/download/deb/usermin_$site_version.deb";
+		$progress_callback_url = "http://$usermin::update_host/download/deb/usermin_${site_version}_all.deb";
 		&http_download($usermin::update_host, $usermin::update_port,
-		  "/download/deb/usermin_$site_version.deb", $file,
+		  "/download/deb/usermin_${site_version}_all.deb", $file,
 		  \$error, \&progress_callback);
 		}
 	else {
-		$progress_callback_url = "http://$usermin::update_host/download/usermin-$site_version.tar.gz";
+		$progress_callback_url = "http://$usermin::update_host/download/usermin-${site_version}.tar.gz";
 		&http_download($usermin::update_host, $usermin::update_port,
-		  "/download/usermin-$site_version.tar.gz", $file,
+		  "/download/usermin-${site_version}.tar.gz", $file,
 		  \$error, \&progress_callback);
 		}
 	$error && &inst_error($error);
@@ -95,7 +95,7 @@ if (`rpm -qp $file 2>&1` =~ /(^|\n)usermin-(\d+\.\d+)/) {
 	$mode = "rpm";
 	$version = $2;
 	}
-elsif (`dpkg --info $file 2>&1` =~ /Package:\s+usermin-(\d+\.\d+)/) {
+elsif (`dpkg --info $file 2>&1` =~ /Package:\s+usermin\n\s*Version:\s+(\d+\.\d+)/) {
         # Looks like a Usermin Debian package
         $mode = "deb";
         $version = $2;

cron/CHANGELOG

@@ -45,3 +45,5 @@ Added buttons to move cron jobs to the top and bottom of the list.
 Added a page for manually editing cron jobs.
 ---- Changes since 1.900 ----
 The next run time of each cron job can be displayed by enable a new config option.
+---- Changes since 1.980 ----
+Added buttons to stop and start crond on the main page.

cron/acl_security.pl

@@ -56,6 +56,10 @@ print &ui_table_row($text{'acl_hourly'},
 	&ui_radio("hourly", $_[0]->{'hourly'},
 		[ [ 1, $text{'yes'} ], [ 0, $text{'no'} ],
 		  [ 2, $text{'acl_hourlydef'} ] ]), 3);
+
+print &ui_table_row($text{'acl_stop'},
+	&ui_radio("stop", $_[0]->{'stop'},
+		[ [ 1, $text{'yes'} ], [ 0, $text{'no'} ] ]));
 }
 
 # acl_security_save(&options)
@@ -77,5 +81,6 @@ $_[0]->{'delete'} = $in{'delete'};
 $_[0]->{'move'} = $in{'move'};
 $_[0]->{'kill'} = $in{'kill'};
 $_[0]->{'hourly'} = $in{'hourly'};
+$_[0]->{'stop'} = $in{'stop'};
 }
 

cron/bootup.cgi

@@ -0,0 +1,17 @@
+#!/usr/local/bin/perl
+# Enable or disable crond at boot time
+
+require './cron-lib.pl';
+&ReadParse();
+&foreign_require("init");
+$access{'stop'} || &error($text{'bootup_ecannot'});
+$init = $config{'init_name'};
+if ($in{'boot'}) {
+	&init::enable_at_boot($init);
+	}
+else {
+	&init::disable_at_boot($init);
+	}
+&webmin_log($in{'boot'} ? "bootup" : "bootdown");
+&redirect("");
+

cron/config-debian-linux

@@ -21,3 +21,4 @@ show_comment=0
 hourly_only=0
 max_jobs=100
 show_next=0
+init_name=cron

cron/config-debian-linux-2.1-ALL

@@ -23,3 +23,4 @@ show_comment=0
 hourly_only=0
 max_jobs=100
 show_next=0
+init_name=cron

cron/config-redhat-linux

@@ -23,3 +23,4 @@ show_comment=0
 hourly_only=0
 max_jobs=100
 show_next=0
+init_name=crond

cron/config.info

@@ -25,3 +25,4 @@ system_crontab=Path to Vixie-Cron system crontab file,0
 single_file=Path to single user crontab file,0
 cronfiles_dir=Path to extra cron files directory,3,None
 run_parts=run-parts command,0
+init_name=Cron daemon bootup action name,3,None exists

cron/cron-lib.pl

@@ -310,7 +310,7 @@ elsif ($fcron) {
 	}
 else {
 	system("cp ".&translate_filename("$config{'cron_dir'}/$_[0]->{'user'}").
-	       " $cron_temp_file 2>/dev/null");
+	       " ".quotemeta($cron_temp_file)." 2>/dev/null");
 	}
 }
 
@@ -378,7 +378,7 @@ else {
 	$_[0]->{'line'} = 0;
 	splice(@$lref, 0, 0, &cron_job_line($_[0]));
 	&flush_file_lines();
-	system("chown $_[0]->{'user'} $cron_temp_file");
+	&set_ownership_permissions($_[0]->{'user'}, undef, undef, $cron_temp_file);
 	&copy_crontab($_[0]->{'user'});
 	$_[0]->{'file'} = "$config{'cron_dir'}/$_[0]->{'user'}";
 	$_[0]->{'index'} = scalar(@cron_jobs_cache);
@@ -497,8 +497,8 @@ if (&read_file_contents($cron_temp_file) =~ /\S/) {
 	local $rv;
 	if (!&has_crontab_cmd()) {
 		# We have no crontab command .. emulate by copying to user file
-		$rv = system("cat $cron_temp_file".
-			" >$config{'cron_dir'}/$_[0] 2>/dev/null");
+		$rv = system("cat ".quotemeta($cron_temp_file).
+			" >".quotemeta("$config{'cron_dir'}/$_[0]")." 2>/dev/null");
 		&set_ownership_permissions($_[0], undef, 0600,
 			"$config{'cron_dir'}/$_[0]");
 		}
@@ -518,12 +518,12 @@ if (&read_file_contents($cron_temp_file) =~ /\S/) {
 		chdir("/");
 		if ($single_user) {
 			$rv = system($config{'cron_user_edit_command'}.
-				     " >$temp 2>&1 <$notemp");
+				     " >".quotemeta($temp)." 2>&1 <".quotemeta($notemp));
 			}
 		else {
 			$rv = system(
 				&user_sub($config{'cron_edit_command'},$_[0]).
-				" >$temp 2>&1 <$notemp");
+				" >".quotemeta($temp)." 2>&1 <".quotemeta($notemp));
 			}
 		unlink($notemp);
 		chdir($oldpwd);
@@ -533,12 +533,12 @@ if (&read_file_contents($cron_temp_file) =~ /\S/) {
 		if ($single_user) {
 			$rv = &execute_command(
 				$config{'cron_user_copy_command'},
-				$cron_temp_file, $temp, $temp);
+				quotemeta($cron_temp_file), quotemeta($temp), quotemeta($temp));
 			}
 		else {
 			$rv = &execute_command(
 				&user_sub($config{'cron_copy_command'}, $_[0]),
-				$cron_temp_file, $temp, $temp);
+				quotemeta($cron_temp_file), quotemeta($temp), quotemeta($temp));
 			}
 	}
 	local $out = &read_file_contents($temp);

cron/defaultacl

@@ -8,3 +8,4 @@ delete=1
 move=1
 kill=1
 hourly=2
+stop=1

cron/index.cgi

@@ -286,5 +286,34 @@ else {
 	print &ui_links_row(\@crlinks);
 	}
 
+# If there is an init script that runs crond, show status
+&foreign_require("init");
+my $init = $config{'init_name'};
+my $atboot;
+if ($access{'stop'} && $init && ($atboot = &init::action_status($init))) {
+	print &ui_hr();
+	print &ui_buttons_start();
+
+	# Running now?
+	my $r = &init::status_action($init);
+	if ($r == 1) {
+		print &ui_buttons_row("stop.cgi", $text{'index_stop'},
+				      $text{'index_stopdesc'});
+		}
+	elsif ($r == 0) {
+		print &ui_buttons_row("start.cgi", $text{'index_start'},
+				      $text{'index_startdesc'});
+		}
+
+	# Start at boot?
+	print &ui_buttons_row("bootup.cgi", $text{'index_boot'},
+			      $text{'index_bootdesc'}, undef,
+			      &ui_radio("boot", $atboot == 2 ? 1 : 0,
+					[ [ 1, $text{'yes'} ],
+					  [ 0, $text{'no'} ] ]));
+
+	print &ui_buttons_end();
+	}
+
 &ui_print_footer("/", $text{'index'});
 

cron/lang/en

@@ -31,6 +31,12 @@ index_ok=Search
 index_searchres=Cron jobs matching $1 ..
 index_reset=Reset search.
 index_econfigcheck=Cron jobs cannot be managed on your system, as the module configuration is not valid : $1
+index_stop=Stop Cron Daemon
+index_stopdesc=Shut down the <tt>crond</tt> background server process that runs scheduled cron jobs. This will prevent commands from executing at their specified times.
+index_start=Start Cron Daemon
+index_startdesc=Start up the <tt>crond</tt> background server process that runs scheduled cron jobs. <font color=red><b>This is required for commands to execute at their specified times.</b></font>
+index_boot=Start Cron Daemon Boot?
+index_bootdesc=Change this setting to enable or disable starting the scheduled cron jobs daemon at system boot time.
 
 edit_title=Edit Cron Job
 create_title=Create Cron Job
@@ -128,6 +134,7 @@ acl_move=Can move Cron jobs?
 acl_kill=Can terminate Cron jobs?
 acl_hourly=Limit jobs to at most hourly?
 acl_hourlydef=As set in Module Config
+acl_stop=Can stop and start the Cron daemon?
 
 log_modify=Modified Cron job for $1
 log_modify_l=Modified Cron job "$2" for $1
@@ -146,6 +153,10 @@ log_move=Moved Cron job for $1
 log_crons_delete=Deleted $1 Cron jobs
 log_crons_disable=Disabled $1 Cron jobs
 log_crons_enable=Enabled $1 Cron jobs
+log_stop=Stopped cron daemon
+log_start=Started cron daemon
+log_bootup=Enabled cron daemon at boot
+log_bootdown=Disabled cron daemon at boot
 
 ecopy=An error was detected in the new Cron configuration : $1 $2
 
@@ -195,4 +206,10 @@ manual_editing=Use the text box below to edit Cron jobs in $1. Be careful, as no
 manual_efile=Selected file is not valid!
 manual_ecannot=You are not allowed to manually edit cron jobs
 
+stop_err=Failed to stop daemon
+start_err=Failed to start daemon
+stop_ecannot=You are not allowed to stop the daemon
+start_ecannot=You are not allowed to start the daemon
+bootup_ecannot=You are not allowed to enable the daemon at boot
+
 __norefs=1

cron/log_parser.pl

@@ -37,11 +37,8 @@ elsif ($action eq 'exec' || $action eq 'kill') {
 		     "<tt>$object</tt>",
 		     "<tt>".&html_escape($p->{'command'})."</tt>");
 	}
-elsif ($action eq 'allow') {
-	return $text{'log_allow'};
-	}
 else {
-	return undef;
+	return $text{'log_'.$action};
 	}
 }
 

cron/negativeacl

@@ -0,0 +1 @@
+stop=0

cron/save_allow.cgi

@@ -4,6 +4,7 @@
 
 require './cron-lib.pl';
 &ReadParse();
+$access{'allow'} || &error($text{'allow_ecannot'});
 
 &lock_file($config{cron_allow_file});
 &lock_file($config{cron_deny_file});

cron/start.cgi

@@ -0,0 +1,14 @@
+#!/usr/local/bin/perl
+# Start crond
+
+require './cron-lib.pl';
+&error_setup($text{'start_err'});
+$access{'stop'} || &error($text{'start_ecannot'});
+&foreign_require("init");
+my $init = $config{'init_name'};
+my ($ok, $err) = &init::start_action($init);
+&error($err) if (!$ok);
+&webmin_log("start");
+&redirect("");
+
+

cron/stop.cgi

@@ -0,0 +1,14 @@
+#!/usr/local/bin/perl
+# Stop crond
+
+require './cron-lib.pl';
+&error_setup($text{'stop_err'});
+$access{'stop'} || &error($text{'stop_ecannot'});
+&foreign_require("init");
+my $init = $config{'init_name'};
+my ($ok, $err) = &init::stop_action($init);
+&error($err) if (!$ok);
+&webmin_log("stop");
+&redirect("");
+
+

dhcpd/list_leases.cgi

@@ -23,8 +23,21 @@ print "Refresh: $config{'lease_refresh'}\r\n"
 %ranges = ( );
 $conf = &get_config();
 @subnets = &find("subnet", $conf);
-foreach $shared (&find("shared-network", $conf)) {
+@shareds = &find("shared-network", $conf);
+foreach $shared (@shareds) {
 	push(@subnets, &find("subnet", $shared->{'members'}));
+	@ranges = &find("range", $shared->{'members'});
+	foreach $pool (&find("pool", $shared->{'members'})) {
+		push(@ranges, &find("range", $pool->{'members'}));
+		}
+	foreach $range (@ranges) {
+		local @rv = @{$range->{'values'}};
+		shift(@rv) if ($rv[0] eq "dynamic-bootp");
+		foreach $ip (&expand_ip_range($rv[0], $rv[1])) {
+			$ranges{$ip} = $shared;
+			$shared->{'ips'}++;
+			}
+		}
 	}
 foreach $subnet (@subnets) {
 	if ($in{'network'}) {
@@ -111,7 +124,7 @@ else {
 		}
 
 	if ($in{'bysubnet'}) {
-		# Show table of subnets, with lease usage
+		# Show table of subnets and shared nets, with lease usage
 		print &ui_columns_start([
 			$text{'index_net'}, $text{'index_desc'},
 			$text{'listl_size'}, $text{'listl_used'}, 
@@ -135,6 +148,25 @@ else {
 					"",
 				]);
 			}
+		foreach $shared (grep { $_->{'ips'} } @shareds) {
+			%used = ( );
+			foreach $lease (@leases) {
+				$r = $ranges{$lease->{'values'}->[0]};
+				if ($r eq $shared && !$lease->{'expired'}) {
+					$used{$lease->{'values'}->[0]}++;
+					}
+				}
+			$used = scalar(keys %used);
+			print &ui_columns_row([
+				$shared->{'values'}->[0],
+				&html_escape($shared->{'comment'}),
+				$shared->{'ips'},
+				$used,
+				$shared->{'ips'} ?
+					int(100*$used / $shared->{'ips'})."%" :
+					"",
+				]);
+			}
 		print &ui_columns_end();
 		}
 	elsif (@leases) {

fastrpc.cgi

@@ -21,10 +21,17 @@ if ($access{'rpc'} == 0 || $access{'rpc'} == 2 &&
 	exit;
 	}
 
-# Find a free port
+# Will IPv6 work?
 &get_miniserv_config(\%miniserv);
+$use_ipv6 = 0;
+if ($miniserv{'ipv6'}) {
+	eval "use Socket6";
+	$use_ipv6 = 1 if (!$@);
+	}
+
+# Find a free port
 $port = $miniserv{'port'} || 10000;
-$aerr = &allocate_socket(MAIN, \$port);
+$aerr = &allocate_socket(MAIN, $use_ipv6 ? MAIN6 : undef, \$port);
 if ($aerr) {
 	print "0 $aerr\n";
 	exit;
@@ -55,13 +62,24 @@ untie(*STDOUT);
 # Accept the TCP connection
 local $rmask;
 vec($rmask, fileno(MAIN), 1) = 1;
+if ($use_ipv6) {
+	vec($rmask, fileno(MAIN6), 1) = 1;
+	}
 $sel = select($rmask, undef, undef, 60);
 if ($sel <= 0) {
 	print STDERR "fastrpc: accept timed out\n"
 		if ($gconfig{'rpcdebug'});
 	exit;
 	}
-$acptaddr = accept(SOCK, MAIN);
+if (vec($rmask, fileno(MAIN), 1)) {
+	$acptaddr = accept(SOCK, MAIN);
+	}
+elsif ($use_ipv6 && vec($rmask, fileno(MAIN6), 1)) {
+	$acptaddr = accept(SOCK, MAIN6);
+	}
+else {
+	die "No connection on any socket!";
+	}
 die "accept failed : $!" if (!$acptaddr);
 $oldsel = select(SOCK);
 $| = 1;
@@ -135,16 +153,25 @@ while(1) {
 					       &tempname();
 		print STDERR "fastrpc: tcpwrite $file\n" if ($gconfig{'rpcdebug'});
 		local $tsock = time().$$;
+		local $tsock6 = $use_ipv6 ? time().$$."v6" : undef;
 		local $tport = $port + 1;
-		&allocate_socket($tsock, \$tport);
+		&allocate_socket($tsock, $tsock6, \$tport);
 		if (!fork()) {
 			# Accept connection in separate process
 			print STDERR "fastrpc: tcpwrite $file port $tport\n" if ($gconfig{'rpcdebug'});
 			local $rmask;
 			vec($rmask, fileno($tsock), 1) = 1;
+			if ($use_ipv6) {
+				vec($rmask, fileno($tsock6), 1) = 1;
+				}
 			local $sel = select($rmask, undef, undef, 30);
 			exit if ($sel <= 0);
-			accept(TRANS, $tsock) || exit;
+			if (vec($rmask, fileno($tsock), 1)) {
+				accept(TRANS, $tsock) || exit;
+				}
+			elsif ($use_ipv6 && vec($rmask, fileno($tsock6), 1)) {
+				accept(TRANS, $tsock6) || exit;
+				}
 			print STDERR "fastrpc: tcpwrite $file accepted\n" if ($gconfig{'rpcdebug'});
 			local $buf;
 			local $err;
@@ -171,6 +198,7 @@ while(1) {
 			exit;
 			}
 		close($tsock);
+		close($tsock6);
 		print STDERR "fastrpc: tcpwrite $file done\n" if ($gconfig{'rpcdebug'});
 		$rawrv = &serialise_variable(
 			{ 'status' => 1, 'rv' => [ $file, $tport ] } );
@@ -203,15 +231,24 @@ while(1) {
 		else {
 			binmode(FILE);
 			local $tsock = time().$$;
+			local $tsock6 = $use_ipv6 ? time().$$."v6" : undef;
 			local $tport = $port + 1;
-			&allocate_socket($tsock, \$tport);
+			&allocate_socket($tsock, $tsock6, \$tport);
 			if (!fork()) {
 				# Accept connection in separate process
 				local $rmask;
 				vec($rmask, fileno($tsock), 1) = 1;
+				if ($use_ipv6) {
+					vec($rmask, fileno($tsock6), 1) = 1;
+					}
 				local $sel = select($rmask, undef, undef, 30);
 				exit if ($sel <= 0);
-				accept(TRANS, $tsock) || exit;
+				if (vec($rmask, fileno($tsock), 1)) {
+					accept(TRANS, $tsock) || exit;
+					}
+				elsif (vec($rmask, fileno($tsock6), 1)) {
+					accept(TRANS, $tsock6) || exit;
+					}
 				local $buf;
 				while(read(FILE, $buf, 1024) > 0) {
 					print TRANS $buf;
@@ -222,6 +259,7 @@ while(1) {
 				}
 			close(FILE);
 			close($tsock);
+			close($tsock6);
 			print STDERR "fastrpc: tcpread $arg->{'file'} done\n" if ($gconfig{'rpcdebug'});
 			$rawrv = &serialise_variable(
 				{ 'status' => 1, 'rv' => [ $arg->{'file'}, $tport ] } );
@@ -308,20 +346,36 @@ while(1) {
 	$rcount++;
 	}
 
-# allocate_socket(handle, &port)
+# allocate_socket(handle, ipv6-handle, &port)
 sub allocate_socket
 {
-local ($fh, $port) = @_;
+local ($fh, $fh6, $port) = @_;
 local $proto = getprotobyname('tcp');
 if (!socket($fh, PF_INET, SOCK_STREAM, $proto)) {
 	return "socket failed : $!";
 	}
 setsockopt($fh, SOL_SOCKET, SO_REUSEADDR, pack("l", 1));
+if ($fh6) {
+	if (!socket($fh6, PF_INET6(), SOCK_STREAM, $proto)) {
+		return "socket6 failed : $!";
+		}
+	setsockopt($fh6, SOL_SOCKET, SO_REUSEADDR, pack("l", 1));
+	setsockopt($fh6, 41, 26, pack("l", 1));	# IPv6 only
+	}
 while(1) {
 	$$port++;
-	last if (bind($fh, sockaddr_in($$port, INADDR_ANY)));
+	$pack = pack_sockaddr_in($$port, INADDR_ANY);
+	next if (!bind($fh, $pack));
+	if ($fh6) {
+		$pack6 = pack_sockaddr_in6($$port, in6addr_any());
+		next if (!bind($fh6, $pack6));
+		}
+	last;
+	}
+listen($fh, SOMAXCONN) || return "listen failed : $!";
+if ($fh6) {
+	listen($fh6, SOMAXCONN) || return "listen6 failed : $!";
 	}
-listen($fh, SOMAXCONN) || return "listed failed : $!";
 return undef;
 }
 

fdisk/fdisk-lib.pl

@@ -226,6 +226,7 @@ if (!-d "/proc/ide") {
 
 # Get Linux disk ID mapping
 local %id_map;
+local %all_id_map;
 local $id_dir = "/dev/disk/by-id";
 opendir(IDS, $id_dir);
 foreach my $id (readdir(IDS)) {
@@ -233,6 +234,8 @@ foreach my $id (readdir(IDS)) {
 	if ($id_link) {
 		local $id_real = &simplify_path(&resolve_links("$id_dir/$id"));
 		$id_map{$id_real} = $id;
+		$all_id_map{$id_real} ||= [];
+		push(@{$all_id_map{$id_real}}, $id);
 		}
 	}
 closedir(IDS);
@@ -440,6 +443,8 @@ while(<FDISK>) {
 
 		$disk->{'id'} = $id_map{$disk->{'device'}} ||
 				$id_map{"/dev/$short"};
+		$disk->{'ids'} = $all_id_map{$disk->{'device'}} ||
+				 $all_id_map{"/dev/$short"};
 
 		push(@disks, $disk);
 		}

filemin/filemin-lib.pl

@@ -486,11 +486,23 @@ foreach my $fref (@{$files_to_extract}) {
     my $cwd = $fref->{'path'};
     my $name = $fref->{'file'};
 
-    my $extract_to = "$cwd/" . fileparse("$cwd/$name", qr/\.[^.]*/);
-    if (-e $extract_to) {
-        $extract_to .= "_" . int(rand(1000)) . $$;
+    my $extract_to = $cwd;
+    if (!$in{'overwrite_existing'}) {
+        my ($file_name) = $name =~ /(?|(.*)\.((?|tar|wbm|wbt)\..*)|(.*)\.([a-zA-Z]+\.(?|gpg|pgp))|(.*)\.(?=(.*))|(.*)())/;
+        if (!-e "$cwd/$file_name") {
+            $extract_to = "$cwd/$file_name";
+        } else {
+            my $__ = 1;
+            for (;;) {
+                my $new_dir_name = "$file_name(" . $__++ . ")";
+                if (!-e "$cwd/$new_dir_name") {
+                    $extract_to = "$cwd/$new_dir_name";
+                    last;
+                }
+            }
+        }
     }
-    mkdir($extract_to);
+    mkdir("$extract_to");
     
     my $archive_type = mimetype($cwd . '/' . $name);
 

filemin/lang/en

@@ -166,3 +166,4 @@ index_return=file listing
 upload_dirs=Directory Upload
 extract_uploaded=Extract Compressed
 extract_cmd_not_avail=Could not extract $1 file as $2 command is missing
+overwrite_existing=Overwrite Existing

filemin/unauthenticated/dropdown/fg.menu.js

@@ -121,13 +121,13 @@ function Menu(caller, options){
 				case 37: // left arrow 
 					if (menuType == 'flyout') {
 						$(event.target).trigger('mouseout');
-						if ($('.'+options.flyOutOnState).size() > 0) { $('.'+options.flyOutOnState).trigger('mouseover'); };
+						if ($('.'+options.flyOutOnState).length > 0) { $('.'+options.flyOutOnState).trigger('mouseover'); };
 					};
 					
 					if (menuType == 'ipod') {
 						$(event.target).trigger('mouseout');
-						if ($('.fg-menu-footer').find('a').size() > 0) { $('.fg-menu-footer').find('a').trigger('click'); };
-						if ($('.fg-menu-header').find('a').size() > 0) { $('.fg-menu-current-crumb').prev().find('a').trigger('click'); };
+						if ($('.fg-menu-footer').find('a').length > 0) { $('.fg-menu-footer').find('a').trigger('click'); };
+						if ($('.fg-menu-header').find('a').length > 0) { $('.fg-menu-current-crumb').prev().find('a').trigger('click'); };
 						if ($('.fg-menu-current').prev().is('.fg-menu-indicator')) {
 							$('.fg-menu-current').prev().trigger('mouseover');							
 						};						
@@ -138,7 +138,7 @@ function Menu(caller, options){
 				case 38: // up arrow 
 					if ($(event.target).is('.' + options.linkHover)) {	
 						var prevLink = $(event.target).parent().prev().find('a:eq(0)');						
-						if (prevLink.size() > 0) {
+						if (prevLink.length > 0) {
 							$(event.target).trigger('mouseout');
 							prevLink.trigger('mouseover');
 						};						
@@ -165,7 +165,7 @@ function Menu(caller, options){
 				case 40: // down arrow 
 					if ($(event.target).is('.' + options.linkHover)) {
 						var nextLink = $(event.target).parent().next().find('a:eq(0)');						
-						if (nextLink.size() > 0) {							
+						if (nextLink.length > 0) {							
 							$(event.target).trigger('mouseout');
 							nextLink.trigger('mouseover');
 						};				
@@ -190,7 +190,7 @@ function Menu(caller, options){
 		});
 	};
 	
-	this.create = function(){	
+	this.create = function() {
 		container.css({ width: options.width }).appendTo('body').find('ul:first').not('.fg-menu-breadcrumb').addClass('fg-menu');
 		container.find('ul, li a').addClass('ui-corner-all');
 		
@@ -201,7 +201,7 @@ function Menu(caller, options){
 		container.find('a').attr('tabindex', '-1');
 		
 		// when there are multiple levels of hierarchy, create flyout or drilldown menu
-		if (container.find('ul').size() > 1) {
+		if (container.find('ul').length > 1) {
 			if (options.flyOut) { menu.flyout(container, options); }
 			else { menu.drilldown(container, options); }	
 		}
@@ -239,6 +239,9 @@ function Menu(caller, options){
 		
 		menu.setPosition(container, caller, options);
 		menu.menuExists = true;
+
+		// Hide empty
+		container.find('a:empty').parent('li').hide()
 	};
 	
 	this.chooseItem = function(item){
@@ -386,7 +389,7 @@ Menu.prototype.drilldown = function(container, options) {
 		
 					// initialize "back" link
 					if (options.backLink) {
-						if (footer.find('a').size() == 0) {
+						if (footer.find('a').length == 0) {
 							footer.show();
 							$('<a href="#"><span class="ui-icon ui-icon-triangle-1-w"></span> <span>Back</span></a>')
 								.appendTo(footer)
@@ -402,7 +405,7 @@ Menu.prototype.drilldown = function(container, options) {
 					}
 					// or initialize top breadcrumb
 		    		else { 
-		    			if (breadcrumb.find('li').size() == 1){				
+		    			if (breadcrumb.find('li').length == 1){				
 							breadcrumb.empty().append(firstCrumb);
 							firstCrumb.find('a').click(function(){
 								menu.resetDrilldownMenu();
@@ -419,7 +422,7 @@ Menu.prototype.drilldown = function(container, options) {
 									menu.chooseItem(this);
 								}
 								else {
-									var newLeftVal = - ($('.fg-menu-current').parents('ul').size() - 1) * 180;
+									var newLeftVal = - ($('.fg-menu-current').parents('ul').length - 1) * 180;
 									topList.animate({ left: newLeftVal }, options.crossSpeed, function(){
 										setPrevMenu();
 									});

filemin/unauthenticated/templates/dialogs.html

@@ -337,6 +337,7 @@
           </div>
           <input type="checkbox" data-id="webkitdirectory" onchange="document.querySelector('#upload-form > #upfiles').toggleAttribute('webkitdirectory')"> $text{'upload_dirs'}
           <input type="checkbox" data-id="extract_uploaded" onchange="t=document.querySelector('#upload-form'),v=t.getAttribute('action'),x='&extract_uploaded=1',this.checked?t.setAttribute('action', t.getAttribute('action') + x):t.setAttribute('action',t.getAttribute('action').replace(x,''))"> $text{'extract_uploaded'}
+          <input type="checkbox" data-id="overwrite_existing" onchange="t=document.querySelector('#upload-form'),v=t.getAttribute('action'),x='&overwrite_existing=1',this.checked?t.setAttribute('action', t.getAttribute('action') + x):t.setAttribute('action',t.getAttribute('action').replace(x,''))"> $text{'overwrite_existing'}
       </div>
       <div class="modal-footer">
         <button type="button" class="btn btn-primary" onclick="uploadFiles()">$text{'upload_files'}</button>

filemin/unauthenticated/templates/legacy_dialogs.html

@@ -111,6 +111,8 @@
         <input type="checkbox" id="filetype" onchange="this.parentElement.querySelector('#upfiles').toggleAttribute('webkitdirectory')"><label for="filetype"> $text{'upload_dirs'}</label>
         <br>
         <input type="checkbox" id="extract_upload" onchange="t=document.querySelector('#upload-form'),v=t.getAttribute('action'),x='&extract_uploaded=1',this.checked?t.setAttribute('action', t.getAttribute('action') + x):t.setAttribute('action',t.getAttribute('action').replace(x,''))"><label for="extract_upload"> $text{'extract_uploaded'}</label>
+        <br>
+        <input type="checkbox" id="overwrite_existing" onchange="t=document.querySelector('#upload-form'),v=t.getAttribute('action'),x='&overwrite_existing=1',this.checked?t.setAttribute('action', t.getAttribute('action') + x):t.setAttribute('action',t.getAttribute('action').replace(x,''))"><label for="overwrite_existing"> $text{'overwrite_existing'}</label>
     </form>
     <div id="readyForUploadList" class="well" style="max-height: 180px;">
     </div>

filemin/upload.cgi

@@ -9,6 +9,7 @@ get_paths();
 
 my @errors;
 my @uploaded_files;
+my $uploaded_dir;
 $line = "";
 
 # Use Webmin's callback function to track progress
@@ -57,6 +58,29 @@ MAINLOOP: while(index($line,"$boundary--") == -1) {
 			if ($dir) {
 				my @dirs = split('/', $dir);
 				$dir = '/';
+				# If overwriting is not allowed check for dupes
+				if (!$in{'overwrite_existing'}) {
+					if ($dirs[0] && -e "$cwd/$dirs[0]") {
+						# As only one directory upload at a time allowed
+						# check if parent exists and if it does add
+						# predictable suffix, like `dir(1)` or `dir(2)`
+						if (!$uploaded_dir) {
+							my $__ = 1;
+							for (;;) {
+							    my $new_dir_name = "$dirs[0](" . $__++ . ")";
+							    if (!-e "$cwd/$new_dir_name") {
+									$uploaded_dir = $new_dir_name;
+							        last;
+							    	}
+								}
+							}
+						}
+					else {
+						$uploaded_dir = $dirs[0];
+						}
+					$file =~ s/^(\Q$dirs[0]\E)/$uploaded_dir/;
+					$dirs[0] = $uploaded_dir;
+				}
 				foreach my $updir (@dirs) {
 					$dir .= "$updir/";
 					if (!-e "$cwd$dir") {
@@ -66,6 +90,23 @@ MAINLOOP: while(index($line,"$boundary--") == -1) {
 					}
 				}
 			}
+		# In case of a regular file check for dupes
+		if (!$in{'overwrite_existing'}) {
+			if ($file && -e "$cwd/$file") {
+				# If file exists add predictable suffix, like `file(1)` or `file(2)`
+				my ($file_name, $file_extension) = $file =~ /(?|(.*)\.((?|tar|wbm|wbt)\..*)|(.*)\.([a-zA-Z]+\.(?|gpg|pgp))|(.*)\.(?=(.*))|(.*)())/;
+				$file_extension  = ".$file_extension" if ($file_extension);
+				my $__ = 1;
+				for (;;) {
+					my $new_file_name = "$file_name(" . $__++ . ")";
+					if (!-e "$cwd/$new_file_name$file_extension") {
+						$file = "$new_file_name$file_extension";
+						last;
+						}
+					}
+				}
+			}
+
 		# OK, we have a file, let`s save it
 		my $full = "$cwd/$file";
 		my $newfile = !-e $full;

firewall/CHANGELOG

@@ -40,3 +40,5 @@ Added support for physdev module options, for matching based on the bridged inte
 Added the open-ports.pl command which can be run from the shell to open ports on the firewall.
 ---- Changes since 1.630 ----
 Updated all screens to use Webmin's new user interface library, for a more consistent look.
+---- Changes since 1.980 ----
+Fail2ban rules are preserved when applying the IPtables configuration file.

firewall/edit_rule.cgi

@@ -345,10 +345,20 @@ print &ui_table_row($text{'edit_physdevisbridged'},
 	&print_mode("physdevisbridged", $rule->{'physdev-is-bridged'},
 		    $text{'yes'}, $text{'no'}));
 
+# IPset to match
+print &ui_table_row($text{'edit_matchset'},
+	&print_mode("matchset", $rule->{'match-set'})." ".
+	&ui_select("matchset", $rule->{'match-set'}->[1],
+		   [ map { $_->{'Name'} } &get_ipsets_active() ])." ".
+	&ui_select("matchset2", $rule->{'match-set'}->[2],
+		   [ [ "src", $text{'edit_matchsetsrc'} ],
+		     [ "dst", $text{'edit_matchsetdst'} ] ], 1, 0,
+		   $rule->{'match-set'}->[2] ? 1 : 0));
+
 print &ui_table_hr();
 
 # Show unknown modules
-@mods = grep { !/^(tcp|udp|icmp${ipvx_icmp}|multiport|mac|limit|owner|state|conntrack|tos|comment|physdev)$/ } map { $_->[1] } @{$rule->{'m'}};
+@mods = grep { !/^(tcp|udp|icmp${ipvx_icmp}|multiport|mac|limit|owner|state|conntrack|tos|comment|physdev|set)$/ } map { $_->[1] } @{$rule->{'m'}};
 print &ui_table_row($text{'edit_mods'},
 	&ui_textbox("mods", join(" ", @mods), 60));
 

firewall/firewall-lib.pl

@@ -175,25 +175,9 @@ foreach $d (keys %{$_[0]->{'defaults'}}) {
 	push(@lines, ":$d $_[0]->{'defaults'}->{$d} [0:0]");
 	}
 foreach $r (@{$_[0]->{'rules'}}) {
-	local $line;
+	local $line = "";
 	$line = "# $r->{'cmt'}\n" if ($r->{'cmt'});
-	$line .= "-A $r->{'chain'}";
-	foreach $a (@known_args) {
-		local ($aa = $a); $aa =~ s/^-+//;
-		if ($r->{$aa}) {
-			local @al = ref($r->{$aa}->[0]) ?
-					@{$r->{$aa}} : ( $r->{$aa} );
-			foreach $ag (@al) {
-				local $n = shift(@$ag);
-				local @w = ( $n ? ( $n ) : (), $a, @$ag );
-				@w = map { $_ =~ /'/ ? "\"$_\"" :
-					   $_ =~ /"/ ? "'".$_."'" :
-					   $_ =~ /\s/ ? "\"$_\"" : $_ } @w;
-				$line .= " ".join(" ", @w);
-				}
-			}
-		}
-	$line .= " $r->{'args'}" if ($r->{'args'} =~ /\S/);
+	$line .= &make_rule_command($r);
 	push(@lines, $line);
 	}
 push(@lines, "COMMIT");
@@ -218,26 +202,48 @@ else {
 	}
 }
 
+# make_rule_command(&rule)
+# Returns the flags needed to create a rule
+sub make_rule_command
+{
+my ($r) = @_;
+my $line = "-A $r->{'chain'}";
+foreach my $a (@known_args) {
+	my $aa = $a;
+	$aa =~ s/^-+//;
+	if ($r->{$aa}) {
+		my @al = ref($r->{$aa}->[0]) ?  @{$r->{$aa}} : ( $r->{$aa} );
+		foreach my $ag (@al) {
+			my $n = shift(@$ag);
+			my @w = ( $n ? ( $n ) : (), $a, @$ag );
+			@w = map { $_ =~ /'/ ? "\"$_\"" :
+				   $_ =~ /"/ ? "'".$_."'" :
+				   $_ =~ /\s/ ? "\"$_\"" : $_ } @w;
+			$line .= " ".join(" ", @w);
+			}
+		}
+	}
+$line .= " $r->{'args'}" if ($r->{'args'} =~ /\S/);
+return $line;
+}
+
 # get_ipsets_active()
 # return a list of active ipsets
 sub get_ipsets_active
 {
-local (@rv, $name, $set={});
+my (@rv, $name, $set);
 open(FILE, "ipset list -t 2>/dev/null |");
-LINE:
 while(<FILE>) {
-      # remove newlines, get arg and value
+	# remove newlines, get arg and value
         s/\r|\n//g;
-      local ($n, $v) = split(/: /, $_);
-      ($n) = $n =~ /(\S+)/;
-      # get values from name to number
-      $name=$v if ($n eq "Name");
-      $set->{$n}=$v;
-      if ($n eq "Number") {
-               push(@rv, $set);
-               $set={};
-              }
-      }
+	my ($n, $v) = split(/: /, $_);
+	$n =~ s/^(\S+).*/$1/;
+	if ($n eq "Name") {
+		$set = { };
+		push(@rv, $set);
+		}
+	$set->{$n} = $v;
+	}
 return @rv;
 }
 
@@ -246,35 +252,43 @@ return @rv;
 # Returns a human-readable description of some rule conditions
 sub describe_rule
 {
-local (@c, $d);
+my ($rule) = @_;
+my (@c, $d);
 foreach $d ('p', 's', 'd', 'i', 'o', 'f', 'dport',
 	    'sport', 'tcp-flags', 'tcp-option',
 	    'icmp-type', 'icmpv6-type', 'mac-source', 'limit', 'limit-burst',
 	    'ports', 'uid-owner', 'gid-owner',
 	    'pid-owner', 'sid-owner', 'ctstate', 'state', 'tos',
-	    'dports', 'sports', 'physdev-in', 'physdev-out', 'args') {
-	if ($_[0]->{$d}) {
+	    'dports', 'sports', 'physdev-in', 'physdev-out', 'match-set',
+	    'args') {
+	if ($rule->{$d}) {
 		# get name and values
-		local ($n, @v) = @{$_[0]->{$d}};
+		my ($n, @v) = @{$rule->{$d}};
 		# with additional args
 		if ($d eq 'args') {
 			# get args
-			@v = grep {/\S/} split(/ / , $_[0]->{$d});
+			@v = grep {/\S/} split(/ / , $rule->{$d});
 			# first arg is name, next are values
 			$n=shift(@v);
 			# translate src and dest parameter for ipset
-			push(@v, &text("desc_". pop(@v))) if ($n eq "--match-set");
+			push(@v, &text("desc_".pop(@v)))
+				if ($n eq "--match-set");
 			} 
 		# uppercase for p
 		@v = map { uc($_) } @v if ($d eq 'p');
 		# merge all in one for s and d
-		@v = map { join(", ", split(/,/, $_)) } @v if ($d eq 's' || $d eq 'd' );
-		# compose desc_$n$d to get localized message, provide values as $1, ..., $n
-		local $txt = &text("desc_$d$n", map { "<strong>$_</strong>" } @v);
+		@v = map { join(", ", split(/,/, $_)) } @v
+			if ($d eq 's' || $d eq 'd' );
+		# compose desc_$n$d to get myized message, provide values
+		# as $1, ..., $n
+		if ($d eq 'match-set') {
+			$v[1] = $text{'desc_'.$d.'_'.$v[1]} || $v[1];
+			}
+		my $txt = &text("desc_$d$n", map { "<b>$_</b>" } @v);
 		push(@c, $txt) if ($txt);
 		}
 	}
-local $rv;
+my $rv;
 if (@c) {
 	$rv = &text('desc_conds', join(" $text{'desc_and'} ", @c));
 	}
@@ -302,7 +316,7 @@ else {
 # Create (if necessary) the Webmin iptables init script
 sub create_webmin_init
 {
-local $res = &has_command("ip${ipvx}tables-restore");
+local $res = &iptable_restore_command();
 local $ipt = &has_command("ip${ipvx}tables");
 local $out = &backquote_command("$res -h 2>&1 </dev/null");
 if ($out =~ /\s+-w\s+/) {
@@ -378,12 +392,17 @@ foreach $c ("ip${ipvx}tables", "ip${ipvx}tables-restore", "ip${ipvx}tables-save"
 return undef;
 }
 
+sub iptables_restore_command
+{
+return &has_command("ip${ipvx}tables-legacy-restore") ||
+       &has_command("ip${ipvx}tables-restore");
+}
+
 # iptables_restore()
 # Activates the current firewall rules, and returns any error
 sub iptables_restore
 {
-local $rcmd = &has_command("ip${ipvx}tables-legacy-restore") ||
-	      "ip${ipvx}tables-restore";
+local $rcmd = &iptables_restore_command();
 local $out = &backquote_logged("cd / && $rcmd <$ipvx_save 2>&1");
 return $? ? "<pre>$out</pre>" : undef;
 }
@@ -486,13 +505,41 @@ return undef;
 sub merge_fail2ban_rules
 {
 local ($oldlive, $newlive) = @_;
-local ($oldchain) = grep { $_->{'name'} eq 'f2b-default' } @$oldlive;
-local ($newchain) = grep { $_->{'name'} eq 'f2b-default' } @$newlive;
-return if (!$oldchain);		# fail2ban was never used
-local ($oldinput) = grep { $_->{'name'} eq 'INPUT' } @$oldlive;
-return if (!$oldinput);
-local $oldrule;
-# XXX not complete yet
+
+# Get old and new filter table
+local ($oldfilter) = grep { $_->{'name'} eq 'filter' } @$oldlive;
+local ($newfilter) = grep { $_->{'name'} eq 'filter' } @$newlive;
+return if (!$oldfilter || !$newfilter);
+local $oldrules = $oldfilter->{'rules'};
+local $newrules = $newfilter->{'rules'};
+
+# Get all old fail2ban chain rules and inputs that jump to them
+local @oldrules = grep { $_->{'chain'} =~ /^f2b-/ } @$oldrules;
+return if (!@oldrules);
+local @oldjumps = grep { $_->{'chain'} eq 'INPUT' &&
+			 $_->{'j'}->[1] =~ /^f2b-/ } @$oldrules;
+
+# Get all new fail2ban chain rules and inputs that jump to them
+local @newrules = grep { $_->{'chain'} =~ /^f2b-/ } @$newrules;
+local @newjumps = grep { $_->{'chain'} eq 'INPUT' &&
+			 $_->{'j'}->[1] =~ /^f2b-/ } @newrules;
+
+# Re-create the chains
+my @oldchains = &unique(map { $_->{'chain'} } @oldrules);
+foreach my $c (@oldchains) {
+	&system_logged("ip${ipvx}tables -t filter -N $c 2>&1");
+	}
+
+# Re-create any missing old rules
+foreach my $r (@oldrules) {
+	&create_active_rule($newfilter, $r, 0);
+	}
+foreach my $j (@oldjumps) {
+	my ($nj) = grep { $_->{'j'}->[1] eq $j->{'j'}->[1] } @newjumps;
+	if (!$nj) {
+		&create_active_rule($newfilter, $j, 1);
+		}
+	}
 }
 
 # list_cluster_servers()
@@ -600,5 +647,17 @@ if (!defined($supports_conntrack_cache)) {
 return $supports_conntrack_cache;
 }
 
+# create_active_rule(&table, &rule, insert?)
+# Execute the commands to create one rule
+sub create_active_rule
+{
+my ($table, $rule, $insert) = @_;
+my $flags = &make_rule_command($rule);
+$flags =~ s/^-A /-I / if ($insert);
+my $cmd = "ip${ipvx}tables -t ".$table->{'name'}." ".$flags;
+my $out = &backquote_logged("$cmd 2>&1 </dev/null");
+return $? ? $out : undef;
+}
+
 1;
 

firewall/firewall4-lib.pl

@@ -27,7 +27,7 @@ else {
 		 '--ports', '--uid-owner', '--gid-owner',
 		 '--pid-owner', '--sid-owner', '--state', '--ctstate', '--tos',
 		 '-j', '--to-ports', '--to-destination', '--to-source',
-		 '--reject-with', '--dports', '--sports',
+		 '--reject-with', '--dports', '--sports', '--match-set',
 		 '--comment',
 		 '--physdev-is-bridged',
 		 '--physdev-is-in',

firewall/index.cgi

@@ -145,8 +145,8 @@ else {
 	if (!$config{"direct${ipvx}"}) {
 		my $err = &validate_iptables_config();
 		if ($err) {
-			print "<b>",&text('index_evalid',
-					  &html_escape($err)),"</b><p>\n";
+			print "<b><font color=red>",&text('index_evalid',
+				  &html_escape($err)),"</font></b><p>\n";
 			}
 		}
 
@@ -433,29 +433,36 @@ else {
 
 	# Show ipset overview if ipsets are availibe
         # may need to check if they are used by firewall rules
-	@ipsets  = &get_ipsets_active();
+	@ipsets = &get_ipsets_active();
 	if (@ipsets) {	
-	    print &ui_hr();
-	    print "<b>$text{'index_ipset_title'}</b>";
-	    # Generate the header
-	    local (@hcols, @tds);
-	    push(@hcols, $text{'index_ipset'}, "<b>$text{'index_ipset_name'}</b>&nbsp;&nbsp;", $text{'index_ipset_type'},
-				 $text{'index_ipset_elem'}, $text{'index_ipset_maxe'}, $text{'index_ipset_size'});
-	    push(@tds, "", "", "", "", "");
-	    print &ui_columns_start(\@hcols, 100, 0, \@tds);
-	    # Generate a row for each rule
-	    foreach $s (@ipsets) {
-		local @cols;
-		local @h= split(/ /, $s->{'Header'});
-		# print matching pínet version
-		if ($h[1] =~ /inet${ipvx}$/) {
-			push(@cols, "&nbsp;&nbsp;$h[0] $h[1]", "&nbsp;&nbsp;<b>$s->{'Name'}</b>",
-					$s->{'Type'}, $s->{'Number'}, $h[5], $s->{'Size'});
-			print &ui_columns_row(\@cols, \@tds);
+		print &ui_hr();
+		print "<b>$text{'index_ipset_title'}</b>";
+
+		# Generate the header
+		@hcols = ( $text{'index_ipset'},
+			   $text{'index_ipset_name'},
+			   $text{'index_ipset_type'},
+			   $text{'index_ipset_elem'},
+			   $text{'index_ipset_maxe'},
+			   $text{'index_ipset_size'} );
+		print &ui_columns_start(\@hcols, 100, 0);
+
+		# Generate a row for each rule
+		foreach $s (@ipsets) {
+			my @h = split(/ /, $s->{'Header'});
+			# print matching pínet version
+			if ($h[1] =~ /inet${ipvx}$/) {
+				my @cols = ( "$h[0] $h[1]",
+					     $s->{'Name'},
+					     $s->{'Type'},
+					     $s->{'Number'} || 0,
+					     $h[5],
+					     $s->{'Size'} );
+				print &ui_columns_row(\@cols);
+				}
 			}
-                }
-	    print &ui_columns_end();
-	    }
+		print &ui_columns_end();
+		}
 
 	# Display buttons for applying and un-applying the configuration,
 	# and for creating an init script if possible
@@ -524,29 +531,29 @@ else {
 &ui_print_footer("/", $text{'index'});
 
 sub external_firewall_message
-   {
-	local $fwname="";
-	local $fwconfig="@{[&get_webprefix()]}/config.cgi?firewall";
+{
+my $fwname = "";
+my $fwconfig="@{[&get_webprefix()]}/config.cgi?firewall";
 
-	# detect external firewalls
-	local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]};
-	if ($filter->{'defaults'}->{'shorewall'}) {
-        $fwname.='shorewall ';
-        	}
-	if ($filter->{'defaults'}->{'INPUT_ZONES'}) {
-        	$fwname.='firewalld ';
-        	}
-	if ($filter->{'defaults'} =~ /^f2b-|^fail2ban-/ && !$config{'filter_chain'} ) {
-        	$fwname.='fail2ban ';
-        	}
-	# warning about not using direct
-	if($fwname && !$config{"direct${ipvx}"}) {
-                print "<b><center>",
-                &text('index_filter_nodirect', $fwconfig),
-                "</b></center><p>\n";
-           }
-        # alert about the detected firewall modules
-        foreach my $word (split ' ', $fwname) {
-                print ui_alert_box(&text("index_$word", "@{[&get_webprefix()]}/$word/", $fwconfig), 'warn');
-                }
-   }
+# detect external firewalls
+local ($filter) = grep { $_->{'name'} eq 'filter' } @{$_[0]};
+if ($filter->{'defaults'}->{'shorewall'}) {
+	$fwname.='shorewall ';
+	}
+if ($filter->{'defaults'}->{'INPUT_ZONES'}) {
+	$fwname.='firewalld ';
+	}
+if ($filter->{'defaults'} =~ /^f2b-|^fail2ban-/ && !$config{'filter_chain'} ) {
+	$fwname.='fail2ban ';
+	}
+# warning about not using direct
+if($fwname && !$config{"direct${ipvx}"}) {
+	print "<b><center>",
+		&text('index_filter_nodirect', $fwconfig),
+		"</b></center><p>\n";
+	}
+# alert about the detected firewall modules
+foreach my $word (split ' ', $fwname) {
+	print ui_alert_box(&text("index_$word", "@{[&get_webprefix()]}/$word/", $fwconfig), 'warn');
+	}
+}

firewall/lang/en

@@ -79,9 +79,9 @@ index_reset=Reset Firewall
 index_resetdesc=Click this button to clear all existing firewall rules and set up new rules for a basic initial configuration.
 index_cluster=Cluster Servers
 index_clusterdesc=Click this button to set up additional Webmin servers to which the firewall configuration will be automatically copied.
-index_ipset=IP-set
-index_ipset_title=Active IP-sets which can be used by firewall rules
-index_ipset_name=Name of IP set
+index_ipset=IPset Protocol
+index_ipset_title=Active IPsets which can be used by firewall rules
+index_ipset_name=Name of IPset
 index_ipset_type=Type
 index_ipset_elem=# Elements
 index_ipset_maxe=# Max 
@@ -140,6 +140,10 @@ desc_ctstate=state of connection is $1
 desc_ctstate!=state of connection is not $1
 desc_tos=type of service field is $1
 desc_tos!=type of service field is not $1
+desc_match-set=$2 matches IPset $1
+desc_match-set!=$2 does not match IPset $1
+desc_match-set_src=incoming traffic
+desc_match-set_dst=outgoing traffic
 desc_physdev-in=input physical interface is $1
 desc_physdev-in!=input physical interface is not $1
 desc_physdev-out=output physical interface is $1
@@ -227,6 +231,9 @@ edit_physdevout=Outgoing physical interface
 edit_physdevisin=Packet incoming on bridge interface
 edit_physdevisout=Packet outgoing on bridge interface
 edit_physdevisbridged=Packet is being bridged
+edit_matchset=Matching IPset
+edit_matchsetsrc=on incoming traffic
+edit_matchsetdst=on outgoing traffic
 
 save_err=Failed to save rule
 save_echain=Missing or invalid chain to run

firewall/save_rule.cgi

@@ -362,6 +362,13 @@ else {
 		push(@mods, "physdev");
 		}
 
+	# Parse IPset
+	if (&parse_mode("matchset", $rule, "match-set")) {
+		$rule->{'match-set'}->[1] = $in{'matchset'};
+		$rule->{'match-set'}->[2] = $in{'matchset2'};
+		push(@mods, "set");
+		}
+
 	# Add custom parameters and modules
 	$rule->{'args'} = $in{'args'};
 	push(@mods, split(/\s+/, $in{'mods'}));

firewall6/module.info

@@ -3,3 +3,4 @@ category=net
 longdesc=Configure a Linux firewall using ip6tables. Allows the editing of all tables, chains, rules and options.
 name=Firewall6
 os_support=*-linux
+library=firewall-lib.pl