Fix not to show runlevels config option for systemd

72621c2929 (commitcomment-161382677)

This reverts commit 37f9ce4bb4.

CHANGELOG.md

@@ -1,5 +1,17 @@
 ## Changelog
 
+#### 2.403 (June 30, 2025)
+* Add support for the Webmin webserver to work in both HTTP and HTTPS modes at the same time
+* Add status monitor for PHP FPM #2499
+* Add support for redirecting to the enforced domain when the `musthost_redirect` directive is set
+* Add a UI API to mask sensitive text—like displayed passwords, unless hovered over container
+* Fix MySQL/MariaDB to remove obsolete `set-variable` options that break modern config files #2497
+
+
+#### 2.402 (June 16, 2025)
+* Update the Authentic theme to the latest version with various fixes and improvements
+* Fix support for EL10-based systems
+
 #### 2.401 (June 2, 2025)
 * Add forgotten password recovery support for Virtualmin mailbox users
 * Add forgotten password recovery support in Usermin

apache/apache-lib.pl

@@ -26,82 +26,94 @@ $last_restart_time_flag = $module_var_directory."/restart-flag";
 # if the Apache binary changes, when Webmin is upgraded, or once every five
 # minutes if automatic rebuilding is enabled.
 if ($module_name ne 'htaccess') {
-	local %oldsite;
-	local $httpd = &find_httpd();
-	local @st = stat($httpd);
-	&read_file($site_file, \%oldsite);
-	local @sst = stat($site_file);
-	if ($oldsite{'path'} ne $httpd ||
-	    $oldsite{'size'} != $st[7] ||
-	    $oldsite{'webmin'} != &get_webmin_version() ||
-	    $config{'auto_mods'} && $sst[9] < time()-5*60) {
-		# Need to build list of supported modules
-		local ($ver, $mods, $fullver) = &httpd_info($httpd);
-		if ($ver) {
-			my @allmods = &available_modules();
-			local @mods = map { "$_/$ver" }
-				          &configurable_modules(\@allmods);
-			foreach my $m (@mods) {
-				if ($m =~ /(\S+)\/(\S+)/) {
-					$httpd_modules{$1} = $2;
-					}
-				}
-			# Call again now that known modules have been set, as
-			# sometimes there are dependencies due to LoadModule
-			# statements in an IfModule block
-			undef(@get_config_cache);
-			@allmods = &available_modules();
-			@mods = map { "$_/$ver" }
-				    &configurable_modules(\@allmods);
-			local %site = ( 'size' => $st[7],
-					'path' => $httpd,
-					'modules' => join(' ', @mods),
-					'allmodules' => join(' ', @allmods),
-					'version' => $ver,
-					'fullversion' => $fullver,
-					'webmin' => &get_webmin_version() );
-			&lock_file($site_file);
-			&write_file($site_file, \%site);
-			chmod(0644, $site_file);
-			&unlock_file($site_file);
-			}
-		}
-	}
-
-# Read the site-specific setup file, then require in all the module-specific
-# .pl files
-if (&read_file($site_file, \%site)) {
-	local($m, $f, $d);
-	$httpd_size = $site{'size'};
-	foreach $m (split(/\s+/, $site{'modules'})) {
-		if ($m =~ /(\S+)\/(\S+)/) {
-			$httpd_modules{$1} = $2;
-			}
-		}
-	foreach $m (split(/\s+/, $site{'allmodules'})) {
-		$all_httpd_modules{$m} = $site{'version'};
-		}
-	foreach $m (keys %httpd_modules) {
-		if (!-r "$module_root_directory/$m.pl") {
-			delete($httpd_modules{$m});
-			}
-		}
-	foreach $f (split(/\s+/, $site{'htaccess'})) {
-		if (-r $f) { push(@htaccess_files, $f); }
-		}
-	foreach $m (keys %httpd_modules) {
-		do "$m.pl";
-		}
-	foreach $d (split(/\s+/, $site{'defines'})) {
-		$httpd_defines{$d}++;
-		}
+	&create_site_file();
 	}
+&read_site_file();
 
 $apache_docbase = $config{'apache_docbase'} ? $config{'apache_docbase'} :
 		  $httpd_modules{'core'} >= 2.0 ?
 			"http://httpd.apache.org/docs-2.0/mod/" :
 			"http://httpd.apache.org/docs/mod/";
 
+# create_site_file()
+# If the Apache binary or Webmin version has changed, create the site
+# file containing all known Apache modules
+sub create_site_file
+{
+my %oldsite;
+my $httpd = &find_httpd();
+my @st = stat($httpd);
+&read_file($site_file, \%oldsite);
+my @sst = stat($site_file);
+if ($oldsite{'path'} ne $httpd ||
+    $oldsite{'size'} != $st[7] ||
+    $oldsite{'webmin'} != &get_webmin_version() ||
+    $config{'auto_mods'} && $sst[9] < time()-5*60) {
+	# Need to build list of supported modules
+	my ($ver, $mods, $fullver) = &httpd_info($httpd);
+	if ($ver) {
+		my @allmods = &available_modules();
+		my @mods = map { "$_/$ver" }
+			       &configurable_modules(\@allmods);
+		foreach my $m (@mods) {
+			if ($m =~ /(\S+)\/(\S+)/) {
+				$httpd_modules{$1} = $2;
+				}
+			}
+		# Call again now that known modules have been set, as
+		# sometimes there are dependencies due to LoadModule
+		# statements in an IfModule block
+		undef(@get_config_cache);
+		@allmods = &available_modules();
+		@mods = map { "$_/$ver" }
+			    &configurable_modules(\@allmods);
+		my %site = ( 'size' => $st[7],
+			     'path' => $httpd,
+			     'modules' => join(' ', @mods),
+			     'allmodules' => join(' ', @allmods),
+			     'version' => $ver,
+			     'fullversion' => $fullver,
+			     'webmin' => &get_webmin_version() );
+		&lock_file($site_file);
+		&write_file($site_file, \%site);
+		chmod(0644, $site_file);
+		&unlock_file($site_file);
+		}
+	}
+}
+
+# read_site_file()
+# Read the site-specific setup file, then require in all the module-specific
+# .pl files
+sub read_site_file
+{
+if (&read_file($site_file, \%site)) {
+	foreach my $m (split(/\s+/, $site{'modules'})) {
+		if ($m =~ /(\S+)\/(\S+)/) {
+			$httpd_modules{$1} = $2;
+			}
+		}
+	foreach my $m (split(/\s+/, $site{'allmodules'})) {
+		$all_httpd_modules{$m} = $site{'version'};
+		}
+	foreach my $m (keys %httpd_modules) {
+		if (!-r "$module_root_directory/$m.pl") {
+			delete($httpd_modules{$m});
+			}
+		}
+	foreach my $f (split(/\s+/, $site{'htaccess'})) {
+		if (-r $f) { push(@htaccess_files, $f); }
+		}
+	foreach my $m (keys %httpd_modules) {
+		do "$m.pl";
+		}
+	foreach my $d (split(/\s+/, $site{'defines'})) {
+		$httpd_defines{$d}++;
+		}
+	}
+
+}
+
 # parse_config_file(handle, lines, file, [recursive])
 # Parses lines of text from some config file into a data structure. The
 # return value is an array of references, one for each directive in the file.
@@ -2274,5 +2286,15 @@ sub format_config_allowed
 return $config{'format_config'};
 }
 
+# clear_apache_modules_cache()
+# If new Apache modules were enabled, force re-gen of the site file
+# that contains the modules cache
+sub clear_apache_modules_cache
+{
+&unlink_file($site_file);
+&create_site_file();
+&read_site_file();
+}
+
 1;
 

apache/save_mods.cgi

@@ -23,7 +23,7 @@ foreach $m (@mods) {
 	}
 
 # Force re-detection of modules
-unlink($site_file);
+&clear_apache_modules_cache();
 
 # Force restart Apache
 if ($changed && &is_apache_running()) {

bin/server

@@ -64,7 +64,7 @@ sub run
     };
     root($o->{'config'}, \&$conf_check);
     my $service = ($o->{'config'} =~ /usermin/ ? 'usermin' : 'webmin');
-    my $systemctlcmd = `which systemctl`;
+    my $systemctlcmd = &has_command('systemctl');
     $systemctlcmd =~ s/\s+$//;
     if ($o->{'cmd'} =~ /^(start|stop|restart|reload)$/) {
         my $rs = system("$o->{'config'}/$o->{'cmd'} $service");

bin/webmin

@@ -95,8 +95,10 @@ sub main {
                               undef, 1, undef, undef, 5);
                 if ($latest_known_versions_remote &&
                     !$latest_known_versions_remote_error) {
-                    %versions_remote = map{split /=/, $_}
-                                          (split(/\n/, $latest_known_versions_remote));
+                        %versions_remote = map {
+                            my ($k, $v) = split(/=/, $_, 2);
+                            defined($v) ? ($k => $v) : ();
+                        } split(/\n/, $latest_known_versions_remote);
                 } elsif ($latest_known_versions_remote_error) {
                     say BRIGHT_YELLOW, "Warning: ", RESET, "Cannot fetch remote packages versions list - $latest_known_versions_remote_error";
                 }

gray-theme/unauthenticated/gray-theme.css

@@ -422,6 +422,10 @@ details.ui_hidden_table_start > summary::-webkit-details-marker {
     color: #a1acc0;
 }
 
+details:not([open]).on-hover:not(:hover) summary::after {
+  visibility: hidden !important;
+}
+
 details.inline {
   cursor: pointer;
   padding: 0;
@@ -818,3 +822,21 @@ body > .mode > b[data-mode="server-manager"] > a > .ff-cloudmin {
 [data-pro-disabled$="-elem"] a:hover {
   filter: grayscale(1) contrast(1);
 }
+.not-secure {
+  color: #c40000;
+  float: right;
+}
+.inherit-color::after,
+.inherit-color::before,
+.inherit-color:focus::after,
+.inherit-color:focus::before,
+.inherit-color:active::after,
+.inherit-color:active::before,
+.inherit-color:hover::after,
+.inherit-color:hover::before,
+.inherit-color:focus,
+.inherit-color:active,
+.inherit-color:hover,
+.inherit-color {
+    color: inherit !important;
+}

init/index.cgi

@@ -335,11 +335,13 @@ elsif ($init_mode eq "systemd" && $access{'bootup'}) {
 		   &select_invert_link("d"),
 		   &ui_link("edit_systemd.cgi?new=1", $text{'index_sadd'}) );
 	print &ui_links_row(\@links);
-	print &ui_columns_start([ "", $text{'index_uname'},
-				  $text{'index_udesc'},
-				  $text{'index_ucstatus'},
-				  $text{'index_uboot'},
-				  $text{'index_ustatus'}, ]);
+	print &ui_columns_start([ "", $text{'systemd_name'},
+				  $config{'desc'} ? $text{'systemd_desc'} : (),
+				  $text{'systemd_type'},
+				  $text{'systemd_status'},
+				  $text{'systemd_boot'},
+				  $text{'index_ustatus'} ]);
+	my $units_piped = join('|', map { quotemeta } &get_systemd_unit_types());
 	foreach $u (&list_systemd_services()) {
 		if ($u->{'legacy'}) {
 			$l = "edit_action.cgi?0+".&urlize($u->{'name'});
@@ -347,12 +349,23 @@ elsif ($init_mode eq "systemd" && $access{'bootup'}) {
 		else {
 			$l = "edit_systemd.cgi?name=".&urlize($u->{'name'});
 			}
+		my $sname = $u->{'name'};
+		my ($type) = $sname =~ /\.([^.]+)$/;
+		if (defined($type) && $type =~ /^(?:$units_piped)$/) {
+			$sname =~ s/\.$type$//;
+			}
+		else {
+			$type = '';
+			}
+		my $title = ($u->{'boot'} == -1 ?
+			    &html_escape($sname) :
+			    &ui_link($l, &html_escape($sname)));
+		my $desc = $config{'desc'} ? &html_escape($u->{'desc'}) : undef;
 		print &ui_columns_row([
 			&ui_checkbox("d", $u->{'name'}, undef),
-			$u->{'boot'} == -1 ?
-			    &html_escape($u->{'name'}) :
-			    &ui_link($l, &html_escape($u->{'name'})),
-			&html_escape($u->{'desc'}),
+			$title,
+			$desc // (),
+			$type,
 			$u->{'fullstatus'} || "<i>$text{'index_unknown'}</i>",
 			$u->{'boot'} == 1 ?
 			    &ui_text_color("$text{'yes'}", 'success') :

init/init-lib.pl

@@ -207,7 +207,7 @@ unless full unit name is passed
 sub action_unit
 {
 my ($unit) = @_;
-my $units_piped = &get_systemd_unit_types('|');
+my $units_piped = join('|', &get_systemd_unit_types());
 $unit .= ".service"
 	if ($unit !~ /\.($units_piped)$/);
 return $unit;
@@ -2128,7 +2128,7 @@ if (@list_systemd_services_cache && !$noinit) {
 	return @list_systemd_services_cache;
 	}
 
-my $units_piped = &get_systemd_unit_types('|');
+my $units_piped = join('|', &get_systemd_unit_types());
 
 # Get all systemd unit names
 my $out = &backquote_command("systemctl list-units --full --all -t service --no-legend");
@@ -2181,7 +2181,7 @@ while(@units) {
 	while(@args < 100 && @units) {
 		push(@args, shift(@units));
 		}
-	my $out = &backquote_command("systemctl show --property=Id,Description,UnitFileState,ActiveState,SubState,ExecStart,ExecStop,ExecReload,ExecMainPID,FragmentPath ".join(" ", @args)." 2>/dev/null");
+	my $out = &backquote_command("systemctl show --property=Id,Description,UnitFileState,ActiveState,SubState,ExecStart,ExecStop,ExecReload,ExecMainPID,FragmentPath,DropInPaths ".join(" ", @args)." 2>/dev/null");
 	my @lines = split(/\r?\n/, $out);
 	my $curr;
 	my @units;
@@ -2415,7 +2415,7 @@ my ($name) = @_;
 &restart_systemd();
 }
 
-=head2 get_systemd_unit_types([return-as-string-separated])
+=head2 get_systemd_unit_types()
 
 Returns a list of all systemd unit types. Returns a string
 instead if separator param is set.
@@ -2423,14 +2423,8 @@ instead if separator param is set.
 =cut
 sub get_systemd_unit_types
 {
-my ($str_separator) = @_;
-my @systemd_types = ('target', 'service', 'socket', 'device',
-                     'mount', 'automount', 'swap', 'path',
-                     'timer', 'snapshot', 'slice', 'scope',
-                     'busname');
-return $str_separator ?
-	join($str_separator, @systemd_types) :
-	@systemd_types;
+return ('target', 'service', 'socket', 'device', 'mount', 'automount',
+	'swap', 'path', 'timer', 'snapshot', 'slice', 'scope', 'busname');
 }
 
 =head2 is_systemd_service(name)
@@ -2441,7 +2435,7 @@ Returns 1 if some service is managed by systemd
 sub is_systemd_service
 {
 my ($name) = @_;
-my $units_piped = &get_systemd_unit_types('|');
+my $units_piped = join('|', &get_systemd_unit_types());
 foreach my $s (&list_systemd_services(1)) {
 	if (($s->{'name'} eq $name ||
 	     $s->{'name'} =~
@@ -2467,22 +2461,10 @@ my $systemd_unit_dir2 = "/lib/systemd/system";
 if ($name) {
 	foreach my $p ($systemd_local_conf, $systemd_unit_dir1,
 		       $systemd_unit_dir2) {
-		if (-r "$p/$name.service"   ||
-		    -r "$p/$name"           ||
-		    -r "$p/$name.target"    ||
-		    -r "$p/$name.socket"    ||
-		    -r "$p/$name.device"    ||
-		    -r "$p/$name.mount"     ||
-		    -r "$p/$name.automount" ||
-		    -r "$p/$name.swap"      ||
-		    -r "$p/$name.path"      ||
-		    -r "$p/$name.timer"     ||
-		    -r "$p/$name.snapshot"  ||
-		    -r "$p/$name.slice"     ||
-		    -r "$p/$name.scope"     ||
-		    -r "$p/$name.busname") {
-			return $p;
+		foreach my $t (&get_systemd_unit_types()) {
+			return $p if (-r "$p/$name.$t");
 			}
+		return $p if (-r "$p/$name");
 		}
 	}
 # Always use /etc/systemd/system for locally created units
@@ -2919,4 +2901,12 @@ my ($name) = @_;
 return $name =~ /\./ ? $name : "com.webmin.".$name;
 }
 
+# config_pre_load(mod-info, [mod-order])
+# Check if some config options are conditional
+sub config_pre_load
+{
+my ($modconf_info, $modconf_order) = @_;
+$modconf_info->{'desc'} =~ s/2-[^,]+,// if ($init_mode eq "systemd");
+}
+
 1;

init/lang/en

@@ -221,29 +221,30 @@ upstart_eserver2=Server command does not exist
 upstart_eserver3=Only one server command can be entered
 upstart_return=upstart service
 
-systemd_title1=Create Systemd Service
-systemd_title2=Edit Systemd Service
-systemd_egone=Service no longer exists!
-systemd_elegacy=Not a systemd service!
-systemd_header=Systemd service details
-systemd_name=Service name
+systemd_title1=Create Systemd Unit
+systemd_title2=Edit Systemd Unit
+systemd_egone=Unit no longer exists!
+systemd_elegacy=Not a systemd unit!
+systemd_header=Systemd unit details
+systemd_name=Unit name
+systemd_type=Unit type
 systemd_file=Configuration file
-systemd_desc=Service description
+systemd_desc=Unit description
 systemd_start=Commands to run on startup
 systemd_stop=Commands to run on shutdown
-systemd_conf=Systemd configuration
+systemd_conf=Systemd unit configuration
 systemd_boot=Start at boot time?
 systemd_status=Current status
 systemd_status0=Not running
 systemd_status1=Running with PID $1
 systemd_status2=Running
 systemd_status3=Unknown!
-systemd_err=Failed to save systemd service
-systemd_ename=Missing or invalid-lookup systemd service name
-systemd_eclash=A service with the same name already exists
-systemd_edesc=Missing service description
-systemd_return=systemd service
-systemd_econf=No systemd configuration entered
+systemd_err=Failed to save systemd unit
+systemd_ename=Missing or invalid-lookup systemd unit name
+systemd_eclash=A unit with the same name already exists
+systemd_edesc=Missing unit description
+systemd_return=systemd unit
+systemd_econf=No systemd unit configuration entered
 systemd_estart=Missing commands to run on startup
 
 launchd_title1=Create Launchd Agent

lang/en

@@ -189,6 +189,9 @@ pam_mesg2=You must respond to the question below to login.
 pam_login=Continue
 pam_restart=Restart
 
+login_notsecure=Not Secure
+login_notsecure_desc=This connection is not secure and could let a man-in-the-middle attack intercept your password or session cookie. Click this badge to switch to an HTTPS connection, unless you are on a trusted local network or behind a secure reverse proxy.
+
 acl_root=Root directory for file chooser
 acl_otherdirs=Other visible directories in file chooser
 acl_nodot=Hide dot files in file chooser?

makedist.pl

@@ -1,34 +1,28 @@
 #!/usr/local/bin/perl
 # Builds a tar.gz package of a specified Webmin version
 
-if ($0 =~ /^(.*)\//) {
-	chdir($1);
-	}
-@ARGV == 1 || @ARGV == 2 || @ARGV == 3 || usage();
-if ($ARGV[0] eq "-minimal" || $ARGV[0] eq "--minimal") {
-	$min++;
-	shift(@ARGV);
-	}
-if ($ARGV[0] =~ /^--exclude-modules/) {
-	$exclude_modules = $ARGV[0];
-	shift(@ARGV);
-	}
-if ($ARGV[0] =~ /^--product-type/) {
-	$product_type = $ARGV[0];
-	$product_type =~ s/--product-type=//;
-	if ($product_type =~ /^(minimal|essential)$/) {
-		$product_suff = "-$product_type";
-		$product_pref = "$product_type-";
+# Parse command line options
+$mod_list  = 'full';
+@ARGV = map { /^--\S+\s+/ ? split(/\s+/, $_) : $_ } @ARGV;
+while (@ARGV && $ARGV[0] =~ /^--?/) {
+	my $opt = shift(@ARGV);
+	if ($opt eq '--minimal' || $opt eq '-minimal') {
+		$min = 1;
+		next;
 		}
-	shift(@ARGV);
+	if ($opt eq '--mod-list') {
+		$mod_list = shift(@ARGV) // usage();
+		next;
+		}
+	usage();
 	}
+@ARGV == 1 || usage();
 $fullvers = $ARGV[0];
-$fullvers =~ /^([0-9\.]+)(\-(\d+))?$/ || usage();
-$vers = $1;
-$release = $3;
-$tardir = $min ? "minimal" : "tarballs";
-$vfile = $product_pref ? "$product_pref$fullvers" : $min ? "$fullvers-minimal" : $fullvers;
-$zipdir = "zips";
+$fullvers =~ /^([0-9\.]+)(?:-(\d+))?$/ || usage();
+($vers, $release) = ($1, $2);
+$tardir = $min ? 'minimal' : 'tarballs';
+$vfile  = $min ? "$fullvers-minimal" : $fullvers;
+$zipdir = 'zips';
 $vers || usage();
 
 @files = ("config.cgi", "config-*-linux",
@@ -70,20 +64,15 @@ if ($min) {
 	}
 else {
 	# All the modules
-	my $mod_def_list;
+	my $mods_list;
 	my $curr_dir = $0;
 	($curr_dir) = $curr_dir =~ /^(.+)\/[^\/]+$/;
 	$curr_dir = "." if ($curr_dir !~ /^\//);
-	open(my $fh, '<', "$curr_dir/mod_def_list.txt") || die "Error opening \"mod_def_list.txt\" : $!\n";
-	$mod_def_list = do { local $/; <$fh> };
+	open(my $fh, '<', "$curr_dir/mod_${mod_list}_list.txt") ||
+		die "Error opening \"mod_${mod_list}_list.txt\" : $!\n";
+	$mods_list = do { local $/; <$fh> };
 	close($fh);
-	@mlist = split(/\s+/, $mod_def_list);
-	if ($exclude_modules) {
-		$exclude_modules =~ s/--exclude-modules=//;
-		my @mlist_excluded =
-		    grep { my $f = $_; ! grep $_ eq $f, split(',', $exclude_modules) } @mlist;
-		@mlist = @mlist_excluded;
-		}
+	@mlist = split(/\s+/, $mods_list);
 	}
 
 # Build EOL data
@@ -296,6 +285,6 @@ close(ARFILE);
 
 sub usage
 {
-die "usage: makedist.pl [-minimal] [--exclude-modules] <version>";
+    die "Usage: $0 [--minimal] [--mod-list type] <version>\n";
 }
 

makemoduledeb.pl

@@ -29,6 +29,8 @@ my ($force_theme, $url, $upstream, $debdepends, $debrecommends,
     $no_prefix, $force_usermin, $release, $allow_overwrite, $final_mod,
     $dsc_file, $dir, $ver, @exclude);
 
+my $mod_list  = 'full';
+
 while(@ARGV) {
 	my $a = shift(@ARGV);
 	if ($a eq "--deb-depends") {
@@ -79,6 +81,9 @@ while(@ARGV) {
 	elsif ($a eq "--exclude") {
 		push(@exclude, shift(@ARGV));
 		}
+	elsif ($a eq "--mod-list") {
+		$mod_list = shift(@ARGV);
+		}
 	elsif ($a =~ /^\-\-/) {
 		print STDERR "Unknown option $a\n";
 		exit(1);
@@ -113,6 +118,7 @@ if (!$dir) {
 	print "                        [--dsc-file file.dsc]\n";
 	print "                        [--force-theme]\n";
 	print "                        [--exclude file-or-dir]\n";
+	print "                        [--mod-list full|core|minimal]\n";
 	print RESET, "\n";
 	exit(1);
 	}
@@ -246,7 +252,7 @@ if ($debdepends && exists($minfo{'depends'})) {
 			my $curr_dir = $0;
 			($curr_dir) = $curr_dir =~ /^(.+)\/[^\/]+$/;
 			$curr_dir = "." if ($curr_dir !~ /^\//);
-			my $mod_def_file = "$curr_dir/mod_def_list.txt";
+			my $mod_def_file = "$curr_dir/mod_${mod_list}_list.txt";
 			next if (! -r $mod_def_file);
 			open(my $fh, '<', $mod_def_file) ||
 				die "Error opening \"$mod_def_file\" : $!\n";
@@ -279,7 +285,7 @@ if (exists($minfo{'deb_requires'})) {
 	foreach my $debrequire (split(/\s+/, $minfo{'deb_requires'})) {
 		push(@rrequires, $debrequire);
 		}
-	$rdeps .= ", " . join(", ", @rrequires) if (@rrequires);
+	$rdeps .= ($rdeps ? ', ' : '') . join(", ", @rrequires) if (@rrequires);
 	}
 
 # Build (append) list of recommended packages (not Webmin modules)
@@ -288,7 +294,8 @@ if (exists($minfo{'deb_recommends'})) {
 	foreach my $debrecommend (split(/\s+/, $minfo{'deb_recommends'})) {
 		push(@rrecommends, $debrecommend);
 		}
-	$rrecom .= ", " . join(", ", @rrecommends) if (@rrecommends);
+	$rrecom .= ($rrecom ? ', ' : '') . join(", ", @rrecommends)
+		if (@rrecommends);
 	}
 
 # Build (standalone) list of suggested packages (not Webmin modules)

makemodulerpm.pl

@@ -32,10 +32,12 @@ my $release = 1;
 $ENV{'PATH'} = "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin";
 my $allow_overwrite = 0;
 
-my ($force_theme, $rpmdepends, $rpmrecommends, $no_prefix, $set_prefix, $vendor,
-    $url, $force_usermin, $final_mod, $sign, $keyname,
+my ($force_theme, $rpmdepends, $rpmrecommends, $no_prefix, $set_prefix,
+    $obsolete_wbm, $vendor, $url, $force_usermin, $final_mod, $sign, $keyname,
     $epoch, $dir, $ver, @exclude);
 
+my $mod_list  = 'full';
+
 # Parse command-line args
 while(@ARGV) {
 	# XXX Untainting isn't needed when running as non-root?
@@ -52,6 +54,12 @@ while(@ARGV) {
 	elsif ($a eq "--no-prefix") {
 		$no_prefix = 1;
 		}
+	elsif ($a eq "--prefix") {
+		$set_prefix = &untaint(shift(@ARGV));
+		}
+	elsif ($a eq "--obsolete-wbm") {
+		$obsolete_wbm = 1;
+		}
 	elsif ($a eq "--licence" || $a eq "--license") {
 		$licence = &untaint(shift(@ARGV));
 		}
@@ -79,9 +87,6 @@ while(@ARGV) {
 	elsif ($a eq "--rpm-dir") {
 		$basedir = &untaint(shift(@ARGV));
 		}
-	elsif ($a eq "--prefix") {
-		$set_prefix = &untaint(shift(@ARGV));
-		}
 	elsif ($a eq "--vendor") {
 		$vendor = &untaint(shift(@ARGV));
 		}
@@ -97,6 +102,9 @@ while(@ARGV) {
 	elsif ($a eq "--exclude") {
 		push(@exclude, shift(@ARGV));
 		}
+	elsif ($a eq "--mod-list") {
+		$mod_list = shift(@ARGV);
+		}
 	elsif ($a =~ /^\-\-/) {
 		print STDERR "Unknown option $a\n";
 		exit(1);
@@ -121,6 +129,7 @@ if (!$dir) {
 	print "                        [--rpm-dir directory]\n";
 	print "                        [--no-prefix]\n";
 	print "                        [--prefix prefix]\n";
+	print "                        [--no-wbm-prefix]\n";
 	print "                        [--vendor name]\n";
 	print "                        [--licence name]\n";
 	print "                        [--url url]\n";
@@ -134,6 +143,7 @@ if (!$dir) {
 	print "                        [--sign]\n";
 	print "                        [--key keyname]\n";
 	print "                        [--exclude file]\n";
+	print "                        [--mod-list full|core|minimal]\n";
 	print RESET, "\n";
 	exit(1);
 	}
@@ -164,7 +174,8 @@ if (!-d $spec_dir || !-d $rpm_source_dir || !-d $rpm_dir) {
 
 # Is this actually a module or theme directory?
 -d $source_dir || die "$dir is not a directory";
-my ($depends, $prefix, $desc, $prog, $iver, $istheme, $post_config);
+my ($depends, $prefix, $prefix_auto, $desc, $prog, $iver,
+    $istheme, $post_config);
 if ($minfo{'desc'}) {
 	$depends = join(" ", map { s/\/[0-9\.]+//; $_ }
 				grep { !/^[0-9\.]+$/ }
@@ -200,6 +211,7 @@ elsif ($tinfo{'desc'}) {
 else {
 	die "$source_dir does not appear to be a webmin module or theme";
 	}
+$prefix_auto = $prefix;
 $prefix = "" if ($no_prefix);
 $prefix = $set_prefix if ($set_prefix);
 my $ucprog = ucfirst($prog);
@@ -267,7 +279,7 @@ if ($rpmdepends && defined($minfo{'depends'})) {
 			my $curr_dir = $0;
 			($curr_dir) = $curr_dir =~ /^(.+)\/[^\/]+$/;
 			$curr_dir = "." if ($curr_dir !~ /^\//);
-			my $mod_def_file = "$curr_dir/mod_def_list.txt";
+			my $mod_def_file = "$curr_dir/mod_${mod_list}_list.txt";
 			next if (! -r $mod_def_file);
 			open(my $fh, '<', $mod_def_file) ||
 				die "Error opening \"$mod_def_file\" : $!\n";
@@ -300,7 +312,7 @@ if (exists($minfo{'rpm_requires'})) {
 	foreach my $rpmrequire (split(/\s+/, $minfo{'rpm_requires'})) {
 		push(@rrequires, $rpmrequire);
 		}
-	$rdeps .= " " . join(" ", @rrequires) if (@rrequires);
+	$rdeps .= ($rdeps ? ' ' : '') . join(" ", @rrequires) if (@rrequires);
 	}
 
 # Build (append) list of recommended packages (not Webmin modules)
@@ -309,7 +321,8 @@ if (exists($minfo{'rpm_recommends'})) {
 	foreach my $rpmrecommend (split(/\s+/, $minfo{'rpm_recommends'})) {
 		push(@rrecommends, $rpmrecommend);
 		}
-	$rrecom .= " " . join(" ", @rrecommends) if (@rrecommends);
+	$rrecom .= ($rrecom ? ' ' : '') . join(" ", @rrecommends)
+		if (@rrecommends);
 	}
 
 # Build (standalone) list of suggested packages (not Webmin modules)
@@ -344,6 +357,12 @@ if (exists($minfo{'rpm_obsoletes'})) {
 		}
 	}
 
+# Fix support for old module name prefixes
+if ($obsolete_wbm) {
+	push(@rprovides, "$prefix_auto$mod");
+	push(@robsoletes, "$prefix_auto$mod");
+	}
+
 # Create the SPEC file
 my $vendorheader = $vendor ? "Vendor: $vendor" : "";
 my $urlheader = $url ? "URL: $url" : "";
@@ -360,7 +379,7 @@ Summary: $desc
 Name: $prefix$mod
 Version: $ver
 Release: $release
-Requires: /bin/sh /usr/bin/perl /usr/libexec/$prog $rdeps
+Requires: /bin/sh /usr/bin/perl $prog $rdeps
 EOF
 print $SPEC "Recommends: $rrecom\n" if ($rrecom);
 print $SPEC "Suggests: " . join(" ", @rsuggests) . "\n" if (@rsuggests);

makerpm.pl

@@ -90,7 +90,7 @@ Requires(pre): /usr/bin/perl
 Requires: /bin/sh /usr/bin/perl perl(lib) perl(open) perl(Net::SSLeay) perl(Time::Local) perl(Data::Dumper) perl(File::Path) perl(File::Basename) perl(Digest::SHA) perl(Digest::MD5) openssl unzip tar gzip
 Recommends: perl(DateTime) perl(DateTime::TimeZone) perl(DateTime::Locale) perl(Time::Piece) perl(Encode::Detect) perl(Time::HiRes) perl(Socket6) html2text shared-mime-info perl-File-Basename perl-File-Path perl-JSON-XS qrencode perl(DBI) perl(DBD::mysql)
 AutoReq: 0
-License: BSD-3-clause
+License: BSD-3-Clause
 Group: System/Tools
 Source: http://www.webmin.com/download/$tarfile
 Vendor: $rpm_maintainer

miniserv.pl

@@ -383,12 +383,7 @@ foreach $mod (split(/\s+/, $config{'preuse'})) {
 	}
 
 # Open debug log if set
-if ($config{'debuglog'}) {
-	open(DEBUG, ">>$config{'debuglog'}");
-	chmod(0700, $config{'debuglog'});
-	select(DEBUG); $| = 1; select(STDOUT);
-	print DEBUG "miniserv.pl starting ..\n";
-	}
+&open_debug_to_log("miniserv.pl starting ..\n");
 
 # Write out (empty) blocked hosts file
 &write_blocked_file();
@@ -595,9 +590,16 @@ if ($config{'logclear'}) {
 					# need to clear log
 					$write_logtime = 1;
 					unlink($config{'logfile'});
+					unlink($config{'errorlog'})
+						if ($config{'errorlog'} &&
+						    $config{'errorlog'} ne '-');
+					unlink($config{'debuglog'})
+						if ($config{'debuglog'});
 					}
 				}
-			else { $write_logtime = 1; }
+			else {
+				$write_logtime = 1;
+				}
 			if ($write_logtime) {
 				open(LOGTIME, ">$config{'logfile'}.time");
 				print LOGTIME time(),"\n";
@@ -634,6 +636,16 @@ local $remove_session_count = 0;
 $need_pipes = $config{'passdelay'} || $config{'session'};
 $cron_runs = 0;
 while(1) {
+	# Periodically re-open error and debug logs if deleted via regular
+	# log clearing
+	if ($config{'errorlog'} && $config{'errorlog'} ne '-' &&
+	    !-e $config{'errorlog'}) {
+		&redirect_stderr_to_log();
+		}
+	if ($config{'debuglog'} && !-e $config{'debuglog'}) {
+		&open_debug_to_log();
+		}
+
 	# Check if any webmin cron jobs are ready to run
 	&execute_ready_webmin_crons($cron_runs++);
 
@@ -918,11 +930,27 @@ while(1) {
 
 				# Initialize SSL for this connection
 				if ($use_ssl) {
-					($ssl_con, $ssl_certfile,
-					 $ssl_keyfile) = &ssl_connection_for_ip(
-							   SOCK, $ipv6fhs{$s});
-					print DEBUG "ssl_con returned $ssl_con\n";
-					$ssl_con || exit;
+					my $byte = '';
+					# Look at the first byte of the socket
+					# buffer but don't consume it
+					recv(SOCK, $byte, 1, MSG_PEEK);
+					if (length($byte) &&
+					    # Check if the first byte is a TLS
+					    (ord($byte) == 0x16 ||
+					    # Check if the first byte is SSL
+					    (ord($byte) & 0x80))) {
+						($ssl_con,
+						 $ssl_certfile,
+						 $ssl_keyfile) =
+							&ssl_connection_for_ip(
+							    SOCK, $ipv6fhs{$s});
+						print DEBUG "ssl_con returned ".
+							"$ssl_con\n";
+						$ssl_con || exit;
+						}
+					else {
+						$use_ssl = 0;
+						}
 					}
 
 				print DEBUG
@@ -1088,11 +1116,10 @@ while(1) {
 					}
 				$userlast{$1} = $time_now;
 				}
-			elsif ($inline =~ /^verify\s+(\S+)\s+(\S+)\s+(\S+)/) {
+			elsif ($inline =~ /^verify\s+(\S+)\s+(\S+)/) {
 				# Verifying a session ID
 				local $session_id = $1;
-				local $notimeout = $2;
-				local $vip = $3;
+				local $vip = $2;
 				local $skey = $sessiondb{$session_id} ?
 						$session_id : 
 						&hash_session_id($session_id);
@@ -1105,8 +1132,7 @@ while(1) {
 					  split(/\s+/, $sessiondb{$skey});
 					local $lot = &get_logout_time($user, $session_id);
 					if ($lot &&
-					    $time_now - $ltime > $lot*60 &&
-					    !$notimeout) {
+					    $time_now - $ltime > $lot*60) {
 						# Session has timed out due to
 						# idle time being hit
 						print $outfd "1 ",($time_now - $ltime),"\n";
@@ -1520,7 +1546,8 @@ if (defined($header{'host'})) {
 	else {
 		$host = $header{'host'};
 		}
-	if ($config{'musthost'} && $host ne $config{'musthost'}) {
+	if ($config{'musthost'} && $host ne $config{'musthost'} &&
+	    !$config{'musthost_redirect'}) {
 		# Disallowed hostname used
 		&http_error(400, "Invalid HTTP hostname");
 		}
@@ -1543,6 +1570,22 @@ if ($config{'redirect_prefix'}) {
 	}
 $prot = $ssl ? "https" : "http";
 
+# Redirect to the configured "musthost", if "musthost_redirect" is set, rather
+# than showing an error
+if ($config{'musthost'} && $host ne $config{'musthost'} &&
+    $config{'musthost_redirect'}) {
+	&write_data("HTTP/1.0 302 Moved Temporarily\r\n");
+	&write_data("Date: $datestr\r\n");
+	&write_data("Server: @{[&server_info()]}\r\n");
+	&write_data("Location: $prot://$config{'musthost'}:$redirport\r\n");
+	&write_keep_alive(0);
+	&write_data("\r\n");
+	&log_request($loghost, $authuser, $reqline, 302, 0) if $reqline;
+	shutdown(SOCK, 1);
+	close(SOCK);
+	return;
+	}
+
 undef(%in);
 if ($page =~ /^([^\?]+)\?(.*)$/) {
 	# There is some query string information
@@ -1818,7 +1861,7 @@ if ($config{'session'} && !$deny_authentication &&
 			&http_error(500, "Invalid session",
 			    "Session ID contains invalid characters");
 			}
-		print $PASSINw "verify $sid 0 $acptip\n";
+		print $PASSINw "verify $sid $acptip\n";
 		<$PASSOUTr> =~ /^(\d+)\s+(\S+)/;
 		if ($1 != 2) {
 			&http_error(500, "Invalid session",
@@ -1989,9 +2032,7 @@ if ($config{'session'} && !$validated) {
 		local $cookie = $header{'cookie'};
 		while($cookie =~ s/(^|\s|;)$sidname=([a-f0-9]+)//) {
 			$session_id = $2;
-			local $notimeout =
-				$in{'webmin_notimeout'} ? 1 : 0;
-			print $PASSINw "verify $session_id $notimeout $acptip\n";
+			print $PASSINw "verify $session_id $acptip\n";
 			<$PASSOUTr> =~ /(\d+)\s+(\S+)/;
 			if ($1 == 2) {
 				# Valid session continuation
@@ -5508,14 +5549,7 @@ foreach my $pe (split(/\t+/, $config{'expires_paths'})) {
 	}
 
 # Re-open debug log
-close(DEBUG);
-if ($config{'debuglog'}) {
-	open(DEBUG, ">>$config{'debuglog'}");
-	select(DEBUG); $| = 1; select(STDOUT);
-	}
-else {
-	open(DEBUG, ">/dev/null");
-	}
+&open_debug_to_log();
 
 # Reset cache of sudo checks
 undef(%sudocache);
@@ -5902,7 +5936,7 @@ while(1) {
 	if ($now - $last_session_check_time > 10) {
 		# Re-validate the browser session every 10 seconds
 		print DEBUG "verifying websockets session $session_id\n";
-		print $PASSINw "verify $session_id 0 $acptip\n";
+		print $PASSINw "verify $session_id $acptip\n";
 		<$PASSOUTr> =~ /(\d+)\s+(\S+)/;
 		if ($1 != 2) {
 			print DEBUG "session $session_id has expired!\n";
@@ -6664,6 +6698,7 @@ else {
 sub redirect_stderr_to_log
 {
 if ($config{'errorlog'} ne '-') {
+	close(STDERR);
 	open(STDERR, ">>$config{'errorlog'}") ||
 		die "failed to open $config{'errorlog'} : $!";
 	if ($config{'logperms'}) {
@@ -6673,6 +6708,23 @@ if ($config{'errorlog'} ne '-') {
 select(STDERR); $| = 1; select(STDOUT);
 }
 
+# open_debug_to_log([msg])
+# Direct the DEBUG file handle somewhere
+sub open_debug_to_log
+{
+my ($msg) = @_;
+close(DEBUG);
+if ($config{'debuglog'}) {
+	open(DEBUG, ">>$config{'debuglog'}");
+	chmod(0700, $config{'debuglog'});
+	select(DEBUG); $| = 1; select(STDOUT);
+	print DEBUG $msg if ($msg);
+	}
+else {
+	open(DEBUG, ">/dev/null");
+	}
+}
+
 # should_gzip_file(filename)
 # Returns 1 if some path should be gzipped
 sub should_gzip_file

mod_core_list.txt

@@ -0,0 +1 @@
+acl apache authentic-theme backup-config bind8 change-user cron dovecot fail2ban fdisk filemin firewalld fsdump gray-theme htaccess-htpasswd init logrotate logviewer lvm mailboxes mailcap mount mysql net package-updates passwd phpini postfix proc procmail proftpd quota servers software spam sshd status system-status time updown useradmin usermin webmin webmincron webminlog xterm

mod_def_list.txt

@@ -1 +0,0 @@
-cron dfsadmin exports inetd init mount samba useradmin fdisk format proc webmin quota software pap acl apache lpadmin bind8 sendmail squid bsdexports hpuxexports net dhcpd custom servers time syslog mysql man inittab raid postfix webminlog postgresql xinetd status cpan pam nis shell fetchmail passwd at proftpd sshd heartbeat cluster-software cluster-useradmin qmailadmin stunnel usermin fsdump lvm procmail cluster-webmin firewall sgiexports openslp webalizer shorewall adsl-client updown ppp-client pptp-server pptp-client ipsec ldap-useradmin change-user cluster-shell cluster-cron spam htaccess-htpasswd logrotate cluster-passwd mailboxes ipfw sarg bandwidth cluster-copy backup-config smart-status idmapd krb5 smf ipfilter rbac tunnel zones cluster-usermin dovecot syslog-ng mailcap ldap-client phpini filter bacula-backup ldap-server exim tcpwrappers package-updates system-status webmincron shorewall6 iscsi-server iscsi-client gray-theme iscsi-target iscsi-tgtd bsdfdisk fail2ban authentic-theme firewalld filemin firewall6 logviewer xterm

mod_full_list.txt

@@ -0,0 +1 @@
+acl adsl-client apache at authentic-theme backup-config bacula-backup bandwidth bind8 bsdexports bsdfdisk change-user cluster-copy cluster-cron cluster-passwd cluster-shell cluster-software cluster-useradmin cluster-usermin cluster-webmin cpan cron custom dfsadmin dhcpd dovecot exim exports fail2ban fdisk fetchmail filemin filter firewall firewall6 firewalld format fsdump gray-theme heartbeat hpuxexports htaccess-htpasswd idmapd inetd init inittab ipfilter ipfw ipsec iscsi-client iscsi-server iscsi-target iscsi-tgtd krb5 ldap-client ldap-server ldap-useradmin logrotate logviewer lpadmin lvm mailboxes mailcap man mount mysql net nis openslp package-updates pam pap passwd phpini postfix postgresql ppp-client pptp-client pptp-server proc procmail proftpd qmailadmin quota raid rbac samba sarg sendmail servers sgiexports shell shorewall shorewall6 smart-status smf software spam squid sshd status stunnel syslog syslog-ng system-status tcpwrappers time tunnel updown useradmin usermin webalizer webmin webmincron webminlog xinetd xterm zones

mod_minimal_list.txt

@@ -0,0 +1 @@
+acl cron init inittab man proc servers system-status webmin webmincron webminlog

mysql/edit_cnf.cgi

@@ -50,9 +50,10 @@ print &ui_table_row($text{'cnf_stor'},
 				 'NDB', 'ARCHIVE', 'CSV',
 				 'BLACKHOLE' ], 1, 0, 1));
 
+my $ifpt_def_off = &get_innodb_file_per_table_default() ? 0 : 1;
 $fpt = &find_value("innodb_file_per_table", $mems);
 print &ui_table_row($text{'cnf_fpt'},
-		    &ui_yesno_radio("fpt", $fpt));
+		    &ui_yesno_radio("fpt", $fpt // $ifpt_def_off));
 
 $ilt = &find_value("innodb_lock_wait_timeout", $mems);
 print &ui_table_row($text{'cnf_ilt'},

mysql/mysql-lib.pl

@@ -88,20 +88,13 @@ if ($mysql_version =~ /mariadb/i) {
 }
 &fix_mysql_text(\%text);
 
-if (&compare_version_numbers($mysql_version, "5.5") >= 0) {
-	@mysql_set_variables = ( "key_buffer_size", "sort_buffer_size",
-				 "net_buffer_length" );
-	}
-else {
-	@mysql_set_variables = ( "key_buffer", "sort_buffer",
-				 "net_buffer_length" );
-	}
 if (&compare_version_numbers($mysql_version, "5.6") >= 0) {
 	@mysql_number_variables = ( "table_open_cache", "max_connections" );
 	}
 else {
 	@mysql_number_variables = ( "table_cache", "max_connections" );
 	}
+
 @mysql_byte_variables = ( "max_allowed_packet" );
 my $mysql8_optout = &compare_version_numbers($mysql_version, "8.0") >= 0 && $mysql_version !~ /maria/i;
 if (!$mysql8_optout) {
@@ -115,6 +108,15 @@ else {
 	push(@mysql_set_variables, "myisam_sort_buffer_size");
 	}
 
+if (&compare_version_numbers($mysql_version, "5.5") >= 0) {
+	push(@mysql_byte_variables, "key_buffer_size", "sort_buffer_size",
+				    "net_buffer_length");
+	}
+else {
+	@mysql_set_variables = ( "key_buffer", "sort_buffer",
+				 "net_buffer_length" );
+	}
+
 # make_authstr([login], [pass], [host], [port], [sock], [unix-user], [ssl])
 # Returns a string to pass to MySQL commands to login to the database
 sub make_authstr
@@ -1766,6 +1768,18 @@ return
    $variant eq "mysql" && &compare_version_numbers($ver, "8.0") >= 0;
 }
 
+# get_innodb_file_per_table_default()
+# Returns 1 if the InnoDB file-per-table option is disabled by default
+sub get_innodb_file_per_table_default
+{
+my ($ver, $variant) = &get_remote_mysql_variant();
+return
+      ($variant eq 'mariadb' && &compare_version_numbers($ver, '10.1.0') < 0) ||
+      ($variant eq 'mysql' && &compare_version_numbers($ver, '5.6.6') < 0)
+      	? 1
+	: 0;
+}
+
 # get_plugin_sql(version, variant, plainpass, plugin)
 # Get the right query for setting user password with plugin
 sub get_plugin_sql

mysql/root_form.cgi

@@ -18,7 +18,7 @@ else {
 		$mysql_login ? "<tt>$mysql_login</tt>"
 			     : "<label>$text{'root_auto'}</label>");
 	print &ui_table_row($text{'root_pass'},
-		$mysql_pass ? "<tt>$mysql_pass</tt>"
+		$mysql_pass ? "<tt>".&ui_text_mask($mysql_pass)."</tt>"
 			    : &ui_text_color($text{'root_none'}, 'danger'));
 	print &ui_table_row($text{'root_newpass1'},
 		&ui_password("newpass1", undef, 20));

mysql/save_cnf.cgi

@@ -13,6 +13,7 @@ foreach my $l (&get_all_mysqld_files()) {
 $conf = &get_mysql_config();
 ($mysqld) = grep { $_->{'name'} eq 'mysqld' } @$conf;
 $mysqld || &error($text{'cnf_emysqld'});
+$mems = $mysqld->{'members'};
 
 # Parse mysql server inputs
 if ($in{'port_def'}) {
@@ -53,11 +54,9 @@ else {
 &save_directive($conf, $mysqld, "default-storage-engine",
 		$in{'stor'} ? [ $in{'stor'} ] : [ ]);
 
-$fpt = &find_value("innodb_file_per_table", $mems);
-if ($fpt || $in{'fpt'}) {
-	&save_directive($conf, $mysqld, "innodb_file_per_table",
-			[ $in{'fpt'} ]);
-	}
+my $ifpt_def_off = &get_innodb_file_per_table_default();
+&save_directive($conf, $mysqld, "innodb_file_per_table",
+	[ $in{'fpt'} ? ($ifpt_def_off ? 1 : undef) : 0 ]);
 
 if ($in{'ilt_def'}) {
 	&save_directive($conf, $mysqld, "innodb_lock_wait_timeout", [ ]);

pam_login.cgi

@@ -72,7 +72,19 @@ print "$text{'pam_prefix'}\n";
 print &ui_form_start("@{[&get_webprefix()]}/pam_login.cgi", "post");
 print &ui_hidden("cid", $in{'cid'});
 
-print &ui_table_start($text{'pam_header'},
+my $not_secure;
+if ($ENV{'HTTPS'} ne 'ON') {
+	my $link = ui_tag('a', "⚠ $text{'login_notsecure'}", 
+		{ 'href' => "javascript:void(0);",
+		  'class' => 'inherit-color',
+		  'onclick' => "window.location.href = ".
+		    "window.location.href.replace(/^http:/, 'https:'); return false;",
+		});
+	$not_secure = ui_tag('span', $link,
+		{ class => 'not-secure', title => $text{'login_notsecure_desc'} });
+	}
+
+print &ui_table_start($text{'pam_header'} . $not_secure,
 		      "width=40% class='loginform'", 2);
 
 if ($gconfig{'realname'}) {

postfix/header.cgi

@@ -27,7 +27,8 @@ print &ui_form_end([ [ undef, $text{'opts_save'} ] ]);
 
 # Header map contents
 print &ui_hr();
-if (&get_real_value("header_checks") eq "") {
+my $hc = &get_real_value("mime_header_checks");
+if ($hc eq "") {
     print $text{'opts_header_checks_no_map'},"<p>\n";
 } else {
     &generate_map_edit("header_checks", $text{'map_click'}." ".
@@ -37,8 +38,11 @@ if (&get_real_value("header_checks") eq "") {
 
 # MIME header map contents
 print &ui_hr();
-if (&get_real_value("mime_header_checks") eq "") {
+my $mhc = &get_real_value("mime_header_checks");
+if ($mhc eq "") {
     print $text{'opts_mime_header_checks_no_map'},"<p>\n";
+} elsif ($mhc eq $hc) {
+    print $text{'opts_mime_header_checks_same_map'},"<p>\n";
 } else {
     &generate_map_edit("mime_header_checks", $text{'map_click'}." ".
 		       &hlink($text{'help_map_format'}, "header"), 1,

postfix/lang/en

@@ -654,6 +654,7 @@ opts_header_checks=Header checking tables
 opts_mime_header_checks=MIME header checking tables
 opts_header_checks_no_map=(No header checking map is currently defined. Define a map first, then you can edit it)
 opts_mime_header_checks_no_map=(No MIME header checking map is currently defined. Define a map first, then you can edit it)
+opts_mime_header_checks_same_map=(MIME header checks are the same as regular header checks. Define a different map first, then you can edit it)
 header_name=Regular expression
 header_value=Action for matches
 header_discard=Discard (with log message..)
@@ -868,6 +869,7 @@ opts_smtpd_tls_key_file=TLS private key file
 opts_smtpd_tls_CAfile=TLS certificate authority file
 opts_smtpd_use_tls=Enable TLS encryption?
 opts_smtp_enforce_tls=Require TLS encryption?
+opts_smtputf8_enable=Enable SMTPUTF8 support?
 sasl_err=Failed to save SMTP authentication and encryption
 sasl_ecert=Missing or invalid TLS certificate file
 sasl_ekey=Missing or invalid TLS key file

postfix/postfix-lib.pl

@@ -436,7 +436,7 @@ sub option_freefield
 sub option_yesno
 {
     my $name = $_[0];
-    my $v = &get_current_value($name);
+    my $v = &resolve_current_value($name);
     my $key = 'opts_'.$name;
 
     print &ui_table_row(defined($_[1]) ? &hlink($text{$key}, "opt_".$name)

postfix/smtp.cgi

@@ -100,6 +100,11 @@ if (&compare_version_numbers($postfix_version, 3.3) >= 0) {
 	&option_yesno("smtp_balance_inet_protocols");
 	}
 
+# SMTPUTF8 support
+if (&compare_version_numbers($postfix_version, 3.0) >= 0) {
+	&option_yesno("smtputf8_enable");
+	}
+
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'opts_save'} ] ]);
 

session_login.cgi

@@ -91,7 +91,20 @@ print "$text{'session_prefix'}\n";
 
 print &ui_form_start("@{[&get_webprefix()]}/session_login.cgi", "post");
 print &ui_hidden("page", $in{'page'});
-print &ui_table_start($text{'session_header'},
+
+my $not_secure;
+if ($ENV{'HTTPS'} ne 'ON') {
+	my $link = ui_tag('a', "⚠ $text{'login_notsecure'}", 
+		{ 'href' => "javascript:void(0);",
+		  'class' => 'inherit-color',
+		  'onclick' => "window.location.href = ".
+		    "window.location.href.replace(/^http:/, 'https:'); return false;",
+		});
+	$not_secure = ui_tag('span', $link,
+		{ class => 'not-secure', title => $text{'login_notsecure_desc'} });
+	}
+
+print &ui_table_start($text{'session_header'} . $not_secure,
 		      "width=40% class='loginform'", 2);
 
 # Login message

setup.pl

@@ -406,6 +406,7 @@ else {
 			'errorlog' => "$var_dir/miniserv.error",
 			'pidfile' => "$var_dir/miniserv.pid",
 			'logtime' => 168,
+			'logclear' => 1,
 			'ppath' => $ppath,
 			'ssl' => $ssl,
 			'no_ssl2' => 1,
@@ -778,12 +779,13 @@ else {
 	}
 system("$perl ".&quote_path("$wadir/copyconfig.pl")." ".&quote_path("$os_type/$real_os_type")." ".&quote_path("$os_version/$real_os_version")." ".&quote_path($wadir)." ".$config_directory." \"\" ".$allmods . " >/dev/null 2>&1");
 if (!$upgrading) {
-	# Store the OS and version
+	# Store the OS and version, and enable log and log clearing
 	&read_file("$config_directory/config", \%gconfig);
 	$gconfig{'os_type'} = $os_type;
 	$gconfig{'os_version'} = $os_version;
 	$gconfig{'real_os_type'} = $real_os_type;
 	$gconfig{'real_os_version'} = $real_os_version;
+	$gconfig{'logclear'} = 1;
 	$gconfig{'log'} = 1;
 	&write_file("$config_directory/config", \%gconfig);
 	}

setup.sh

@@ -662,7 +662,7 @@ if [ ! -f "$config_dir/.pre-install" ]; then
 fi
 
 # Test if we have systemd system
-systemctlcmd=$(which systemctl 2>/dev/null)
+systemctlcmd=$(command -v systemctl 2>/dev/null || :)
 if [ -x "$systemctlcmd" ]; then
     initsys=$(cat /proc/1/comm 2>/dev/null)
     if [ "$initsys" != "systemd" ]; then
@@ -819,15 +819,20 @@ if [ "$upgrading" != 1 ]; then
 		echo licence_module=$licence_module >>$config_dir/config
 	fi
 
+	# Enable log rotation by default
+	echo "logclear=1" >> $config_dir/miniserv.conf
+	echo "logclear=1" >> $config_dir/config
+	
+	# Enable HSTS by default
+	echo "ssl_hsts=1" >> $config_dir/miniserv.conf
+
 	# Disallow unknown referers by default
 	echo "referers_none=1" >>$config_dir/config
 else
-	# one-off hack to set log variable in config from miniserv.conf
-	grep log= $config_dir/config >/dev/null
-	if [ "$?" = "1" ]; then
-		grep log= $config_dir/miniserv.conf >> $config_dir/config
-		grep logtime= $config_dir/miniserv.conf >> $config_dir/config
-		grep logclear= $config_dir/miniserv.conf >> $config_dir/config
+	# Enable HSTS by default if not set
+	grep ssl_hsts= $config_dir/miniserv.conf >/dev/null
+	if [ "$?" != "0" ]; then
+		echo "ssl_hsts=1" >> $config_dir/miniserv.conf
 	fi
 
 	# Disallow unknown referers if not set

software/do_install.cgi

@@ -97,7 +97,6 @@ if ($in{'need_unlink'}) {
 		"delete_file.cgi?file=".
 		&urlize($in{'file'})),"<p>\n";
 	}
-print &ui_hr();
 &ui_print_footer("", $text{'index_return'});
 exit;
 }

software/yum-lib.pl

@@ -119,6 +119,13 @@ while(<CMD>) {
 		$pkg =~ s/\-\d.*$//;	# Strip version number from end
 		push(@rv, $pkg);
 		}
+	elsif (/\]\s+(Upgrading|Installing)\s+(\S+)/) {
+		# Line like :
+		# [3/8] Upgrading libcurl-0:8.11.1-5.fc42 100% ...
+		local $pkg = $2;
+		$pkg =~ s/:\d.*$//;	# Strip version number from end
+		push(@rv, $pkg);
+		}
 	if (!/ETA/ && !/\%\s+done\s+\d+\/\d+\s*$/) {
 		print &html_escape($_."\n");
 		}

status/cfengine-monitor.pl

@@ -1,24 +0,0 @@
-# cfengine-monitor.pl
-# Monitor the cfengine daemon on this host
-
-# Check the PID file to see if cfd is running
-sub get_cfengine_status
-{
-local %cconfig = &foreign_config($_[1]);
-&has_command($cconfig{'cfd'}) || return { 'up' => -1 };
-local @pids = &find_byname("cfd");
-if (@pids) {
-	return { 'up' => 1 };
-	}
-else {
-	return { 'up' => 0 };
-	}
-}
-
-sub parse_cfengine_dialog
-{
-&depends_check($_[0], "cfengine");
-}
-
-1;
-

status/delete_mons.cgi

@@ -33,7 +33,5 @@ else {
 	&reset_environment();
 	&webmin_log("refresh");
 	print $text{'refresh_done'},"<p>\n";
-	print &js_redirect("index.cgi");
-
 	&ui_print_footer("", $text{'index_return'});
 	}

status/dnsadmin-monitor.pl

@@ -1,28 +0,0 @@
-# dnsadmin-monitor.pl
-# Monitor the BIND 4 DNS server on this host
-
-# Check the PID file to see if BIND is running
-sub get_dnsadmin_status
-{
-return { 'up' => -1 } if (!&foreign_check($_[1]));
-&foreign_require($_[1], "dns-lib.pl");
-local %dconfig = &foreign_config($_[1]);
-return { 'up' => -1 } if (!-r $dconfig{'named_boot_file'});
-if (open(PID, "<".$dconfig{'named_pid_file'}) && <PID> =~ /(\d+)/ && kill(0, $1)) {
-	close(PID);
-	local @st = stat($dconfig{'named_pid_file'});
-	return { 'up' => 1,
-		 'desc' => &text('up_since', scalar(localtime($st[9]))) };
-	}
-else {
-	return { 'up' => 0 };
-	}
-}
-
-sub parse_dnsadmin_dialog
-{
-&depends_check($_[0], "dnsadmin");
-}
-
-1;
-

status/jabber-monitor.pl

@@ -1,28 +0,0 @@
-# jabber-monitor.pl
-# Monitor the jabber server on this host
-
-# Check the PID file to see if mon is running
-sub get_jabber_status
-{
-return { 'up' => -1 } if (!&foreign_check($_[1]));
-local %jconfig = &foreign_config($_[1]);
--r $jconfig{'jabber_config'} || return { 'up' => -1 };
-&foreign_require($_[1], "jabber-lib.pl");
-local $pidfile = &foreign_call($_[1], "jabber_pid_file");
-if (open(PID, "<".$pidfile) && ($pid = int(<PID>)) && kill(0, $pid)) {
-	return { 'up' => 1 };
-	}
-else {
-	return { 'up' => 0 };
-	}
-}
-
-sub parse_jabber_dialog
-{
-&depends_check($_[0], "jabber");
-eval "use XML::Parser";
-&error(&text('jabber_eparser', "<tt>XML::Parser</tt>")) if ($@);
-}
-
-1;
-

status/lang/en

@@ -25,7 +25,6 @@ type_inetd=Internet and RPC Server
 type_xinetd=Extended Internet Server
 type_squid=Squid Proxy Server
 type_bind8=BIND DNS Server
-type_dnsadmin=BIND 4 DNS Server
 type_dhcpd=DHCP Server
 type_tcp=TCP Connection
 type_http=HTTP Request
@@ -51,12 +50,10 @@ type_change=File or Directory Change
 type_oldfile=File Not Changed
 type_qmailadmin=QMail Server
 type_mon=MON Service Monitor
-type_jabber=Jabber IM Server
 type_usermin=Usermin Webserver
 type_portsentry=Portsentry Daemon
 type_hostsentry=Hostsentry Daemon
 type_webmin=Webmin Webserver
-type_cfengine=Configuration Engine Daemon
 type_memory=Free Memory
 type_proftpd=ProFTPD Server
 type_dovecot=Dovecot IMAP/POP3 Server
@@ -66,7 +63,6 @@ type_raid=RAID Device Status
 type_iface=Network Interface Status
 type_init=Bootup Action
 type_sensors=LM Sensor Status
-type_nut=NUT UPS Value
 type_mailq=Mail Queue Size
 type_dns=DNS Lookup
 type_query=SQL Query
@@ -78,6 +74,7 @@ type_smtp=SMTP Connection
 type_imap=IMAP Connection
 type_firewalld=FirewallD Server
 type_reboot=Reboot Required
+type_phpini=PHP-FPM Server
 
 mon_create=Create Monitor
 mon_edit=Edit Monitor
@@ -333,8 +330,6 @@ acl_sched=Can change scheduled monitoring?
 
 change_file=File or directory to monitor (fail if changed)
 
-jabber_eparser=The Perl module $1 is not installed on your system.
-
 memory_min2=Minimum free real memory
 memory_emin=Missing or invalid amount of free real memory
 memory_eproc=Webmin does not know how to check free memory on your operating system
@@ -374,7 +369,7 @@ init_eaction=No action selected
 refresh_title=Refresh Status
 refresh_doing=Refreshing the status of all monitors ..
 refresh_doing2=Refreshing the status of $1 selected monitors ..
-refresh_done=.. done.
+refresh_done=.. done
 
 sensors_name=Sensor to check
 sensors_value=Failed when
@@ -387,17 +382,6 @@ sensors_cur=$1 (currently $2 $3)
 sensors_emin=Missing or invalid minimum value
 sensors_emax=Missing or invalid maximum value
 
-nut_ups=NUT UPS to check
-nut_name=Attribute to check
-nut_value=Failed when
-nut_value1=Value is below $1
-nut_value2=Value is above $1
-nut_cmd=The command <tt>upsc</tt> is not installed on your system. This monitor requires the NUT package be installed and configured to operate.
-nut_eups=No USP to check entered
-nut_cur=$1 (currently $2)
-nut_emin=Missing or invalid minimum value
-nut_emax=Missing or invalid maximum value
-
 mailq_system=Mail server
 mailq_qmailadmin=Qmail
 mailq_postfix=Postfix
@@ -622,4 +606,11 @@ imap_euser=Missing IMAP login
 
 reboot_pkgs=Package updates require a reboot
 
+phpini_file=PHP-FPM version
+phpini_nofile=PHP-FPM configuration file not found!
+phpini_efile=No PHP-FPM version selected!
+phpini_noinit=No bootup action found for PHP-FPM version
+phpini_noinit2=Bootup action $1 does not exist!
+phpini_downinit=Bootup action $1 is down
+
 __norefs=1

status/nut-monitor.pl

@@ -1,89 +0,0 @@
-# Check if some NUT value is too low or high
-
-sub get_nut_status
-{
-return { 'up' => -1 } if (!&has_command("upsc"));
-local @sens = &get_ups_values($_[0]->{'ups'});
-local ($sens) = grep { $_->{'name'} eq $_[0]->{'name'} } @sens;
-return { 'up' => 1 } if (!$sens);
-if ($_[0]->{'mode'} == 1) {
-	return $sens->{'value'} < $_[0]->{'min'} ? { 'up' => 0 }
-						 : { 'up' => 1 };
-	}
-elsif ($_[0]->{'mode'} == 2) {
-	return $sens->{'value'} > $_[0]->{'max'} ? { 'up' => 0 }
-						 : { 'up' => 1 };
-	}
-}
-
-sub show_nut_dialog
-{
-if (!&has_command("upsc")) {
-	print &ui_table_row(undef, $text{'nut_cmd'}, 4);
-	}
-else {
-	# UPS name
-	print &ui_table_row($text{'nut_ups'},
-		&ui_textbox("ups", $_[0]->{'ups'}, 20));
-
-	# Value to check
-	local @sens = &get_ups_values();
-	if (@sens) {
-		print &ui_table_row($text{'nut_name'},
-		    &ui_select("name", $_[0]->{'name'},
-			[ map { [ $_->{'name'},
-			    &text('nut_cur', $_->{'name'}, $_->{'value'}) ] }
-			  @sens ]));
-		}
-	else {
-		print &ui_table_row($text{'nut_name'},
-		    &ui_textbox("name", $_[0]->{'name'}, 20));
-		}
-
-	# Expected value
-	print &ui_table_row($text{'nut_value'},
-	    &ui_radio("mode", $_[0]->{'mode'} || 1,
-		[ [ 1, &text('sensors_value1',
-			     &ui_textbox("min", $_[0]->{'min'}, 8)) ],
-		  [ 2, &text('sensors_value2',
-			     &ui_textbox("max", $_[0]->{'max'}, 8)) ] ]),
-	    3);
-	}
-}
-
-sub parse_nut_dialog
-{
-&has_command("upsc") || &error($text{'nut_cmd'});
-$in{'ups'} =~ /^\S+$/ || &error($text{'nut_eups'});
-$_[0]->{'ups'} = $in{'ups'};
-$_[0]->{'name'} = $in{'name'};
-$_[0]->{'mode'} = $in{'mode'};
-$_[0]->{'max'} = $in{'max'};
-$_[0]->{'min'} = $in{'min'};
-if ($in{'mode'} == 1) {
-	$in{'min'} =~ /^[0-9\.\+\-]+$/ || &error($text{'nut_emin'});
-	}
-elsif ($in{'mode'} == 2) {
-	$in{'max'} =~ /^[0-9\.\+\-]+$/ || &error($text{'nut_emax'});
-	}
-}
-
-# get_ups_values(ups)
-# Returns a list of NUT attribute names and values for some UPS
-sub get_ups_values
-{
-if (!scalar(@get_ups_cache)) {
-	local @rv;
-	open(SENS, "upsc ".quotemeta($_[0])." 2>/dev/null |");
-	while(<SENS>) {
-		if (/^(\S+):\s+(.*)/) {
-			push(@rv, { 'name' => $1,
-				    'value' => $2 });
-			}
-		}
-	close(SENS);
-	@get_ups_cache = @rv;
-	}
-return @get_ups_cache;
-}
-

status/phpini-monitor.pl

@@ -0,0 +1,51 @@
+# phpini-monitor.pl
+# Monitor a FPM-FPM server
+
+sub get_phpini_status
+{
+my ($serv, $mod) = @_;
+return { 'up' => -1 } if (!&foreign_check("phpini"));
+return { 'up' => -1 } if (!&foreign_check("init"));
+&foreign_require("phpini");
+my @files = &phpini::list_php_configs();
+my ($file) = grep { $_->[0] eq $serv->{'inifile'} } @files;
+return { 'up' => -1,
+	 'desc' => $text{'phpini_nofile'} } if (!$file);
+my $init = &phpini::get_php_ini_bootup($serv->{'inifile'});
+return { 'up' => -1,
+	 'desc' => $text{'phpini_noinit'} } if (!$init);
+&foreign_require("init");
+my $st = &init::status_action($init);
+if ($st < 0) {
+	return { 'up' => -1,
+		 'desc' => &text('phpini_noinit2', $init) };
+	}
+elsif ($st > 0) {
+	return { 'up' => 1 };
+	}
+else {
+	return { 'up' => 0,
+		 'desc' => &text('phpini_downinit', $init) };
+	}
+}
+
+sub show_phpini_dialog
+{
+my ($serv) = @_;
+&foreign_require("phpini");
+my @files = grep { $_->[1] }
+		 map { [ $_->[0], &phpini::get_php_ini_version($_->[0]) ] }
+		     &phpini::list_php_configs();
+my %donever;
+@files = grep { !$donever{$_->[1]}++ } @files;
+print &ui_table_row($text{'phpini_file'},
+	&ui_select("inifile", $serv->{'inifile'}, \@files));
+}
+
+sub parse_phpini_dialog
+{
+my ($serv) = @_;
+$in{'inifile'} || &error($text{'phpini_efile'});
+$serv->{'inifile'} = $in{'inifile'};
+}
+

ui-lib.pl

@@ -3760,5 +3760,56 @@ my ($content, $attrs) = @_;
 return ui_tag('p', $content, $attrs);
 }
 
+=head2 ui_text_mask(text, [tag], [extra_class])
+
+Returns an HTML string with the given text hidden inside a tag that only shows
+on hover. If a second parameter is given, it is used as the outer tag that
+triggers the hover (default is "td"). If a third parameter is provided,
+it is added as an extra class to both the tag and its style.
+
+=cut
+sub ui_text_mask
+{
+return &theme_ui_text_mask(@_) if (defined(&theme_ui_text_mask));
+my ($text, $tag, $extra_class) = @_;
+my $class = 'hover-mask';
+my $classcss = ".$class";
+if ($extra_class) {
+	$class .= " $extra_class";
+	$classcss .= ".$extra_class";
+	}
+$tag ||= 'td';
+my $style_content = <<"CSS";
+x-ui-text-mask${classcss} {
+	position: relative;
+	display: inline-block;
+	color: transparent;
+	transition:color .25s ease;
+}
+x-ui-text-mask${classcss}::after{
+	content: attr(data-mask);
+	position: absolute;
+	inset: 0;
+	color: var(--ui-password-mask-color, #000);
+	pointer-events: none;
+	transition: opacity .25s ease;
+}
+$tag:has(>*>x-ui-text-mask${classcss}):hover x-ui-text-mask${classcss},
+$tag:has(>x-ui-text-mask${classcss}):hover x-ui-text-mask${classcss}{
+	color: inherit;
+}
+$tag:has(>*>x-ui-text-mask${classcss}):hover x-ui-text-mask${classcss}::after,
+$tag:has(>x-ui-text-mask${classcss}):hover x-ui-text-mask${classcss}::after{
+	opacity: 0;
+}
+CSS
+my $rv = '';
+$rv .= &ui_tag('style', $style_content, { type => 'text/css' })
+	if (!$main::ui_text_mask_donecss->{"$tag$class"}++);
+$rv .= &ui_tag('x-ui-text-mask', $text,
+	{ 'class' => $class, 'data-mask' => '••••••••' });
+return $rv;
+}
+
 1;
 

version

@@ -1 +1 @@
-2.401
+2.402

web-lib-funcs.pl

@@ -1077,11 +1077,13 @@ sub PrintHeader
 {
 my ($cs, $mt, $headers) = @_;
 $mt ||= "text/html";
-if ($ENV{'SSL_HSTS'} == 1 && uc($ENV{'HTTPS'}) eq "ON") {
-	print "Strict-Transport-Security: max-age=31536000;\n";
-	}
-elsif (uc($ENV{'HTTPS'}) ne "ON") {
-	print "Strict-Transport-Security: max-age=0;\n";
+if (uc($ENV{'HTTPS'}) eq "ON") {
+	if ($ENV{'SSL_HSTS'}) {
+		print "Strict-Transport-Security: max-age=31536000;\n";
+		}
+	else {
+		print "Strict-Transport-Security: max-age=0;\n";
+		}
 	}
 if ($pragma_no_cache || $gconfig{'pragma_no_cache'}) {
 	print "pragma: no-cache\n";
@@ -2126,7 +2128,7 @@ if ($_[0] =~ /^\// || $_[0] =~ /^[a-z]:[\\\/]/i) {
 else {
 	# Check each directory in the path
 	my %donedir;
-	foreach my $d (split($path_separator, $ENV{'PATH'})) {
+	foreach my $d (split($path_separator || ":", $ENV{'PATH'})) {
 		next if ($donedir{$d}++);
 		$d =~ s/$slash$// if ($d ne $slash);
 		my $t = &translate_filename("$d/$_[0]");

webmin/edit_debug.cgi

@@ -28,7 +28,7 @@ print &ui_table_row($text{'debug_file'},
 print &ui_table_row($text{'debug_size'},
 	&ui_radio("debug_size_def", $gconfig{'debug_size'} ? 0 : 1,
 		  [ [ 1, $text{'default'}.
-			 " (".&nice_size($main::default_debug_log_size).")" ],
+			 " (".&html_strip(&nice_size($main::default_debug_log_size)).")" ],
 		    [ 0, &ui_bytesbox("debug_size", $gconfig{'debug_size'}) ] ]
 		 ), undef, [ "valign=middle","valign=middle" ]);