Fix typo

Dev/jail-backend-port

dovecot/dovecot-lib.pl

@@ -4,7 +4,10 @@ BEGIN { push(@INC, ".."); };
 use WebminCore;
 &init_config();
 
-@supported_auths = ( "anonymous", "plain", "digest-md5", "cram-md5", "apop" );
+@supported_auths = ( "anonymous", "plain", "digest-md5", "cram-md5", "apop",
+		     "scram-sha-1", "scram-sha-256", "ntlm", "gss-spnego",
+		     "gssapi", "rpa", "otp", "skey", "external",
+		     "oauthbearer", "xoauth2" );
 @mail_envs = ( undef, "maildir:~/Maildir", "mbox:~/mail/:INBOX=/var/mail/%u",
 	       "maildir:~/Maildir:mbox:~/mail/" );
 

dovecot/edit_login.cgi

@@ -29,9 +29,9 @@ else {
 					  "auth", "default"));
 	}
 print &ui_table_row($text{'login_mechs'},
-		    &ui_select("mechs", \@mechs,
-			[ map { [ $_, $text{'login_'.$_} ] } @supported_auths ],
-			4, 1, 1));
+    &ui_select("mechs", \@mechs,
+	[ map { [ $_, $text{'login_'.$_} || uc($_) ] } @supported_auths ],
+	4, 1, 1));
 
 print &ui_table_hr();
 

dovecot/lang/en

@@ -92,6 +92,11 @@ login_plain=Plain-text
 login_digest-md5=Digest-MD5
 login_cram-md5=Cram-MD5
 login_apop=APOP
+login_otp=One time password
+login_skey=Security key
+login_oauthbearer=OAuth2 bearer authentication
+login_xoauth2=Google OAuth2 bearer authentication
+login_external=External SASL authentication
 login_userdb=Data source for users, homes and IDs
 login_passwd=Standard Unix user database
 login_passwdfile=Custom password file $1

fail2ban/list_jails.cgi

@@ -37,8 +37,7 @@ foreach my $j (@jails) {
 	print &ui_checked_columns_row([
 		&ui_link("edit_jail.cgi?name=".&urlize($j->{'name'}),
 			 $j->{'name'}),
-		$enabled =~ /true|yes|1/i ? $text{'yes'} :
-			"<font color=red>$text{'no'}</font>",
+		$enabled =~ /true|yes|1/i ? $text{'yes'} : $text{'no'},
 		&html_escape($filter),
 		$action,
 		], \@tds, "d", $j->{'name'});

filemin/defaultacl

@@ -1,3 +1,3 @@
 allowed_paths=$HOME
 work_as_root=1
-allowed_for_edit=application-x-php application-x-ruby application-xml application-xslt+xml application-javascript application-x-shellscript application-x-perl application-x-yaml application-json  application-x-x509-ca-cert application-pkix-cert application-sql application-x-sql application-x-asp application-x-aspx application-xhtml+xml
+allowed_for_edit=application-x-php application-x-ruby application-xml application-xslt+xml application-javascript application-x-shellscript application-x-perl application-x-yaml application-json  application-x-x509-ca-cert application-pkix-cert application-x-sql application-x-asp application-x-aspx application-xhtml+xml

filemin/filemin-lib.pl

@@ -169,6 +169,9 @@ sub print_interface {
     local $upid = time().$$;
     $bookmarks = get_bookmarks();
     @allowed_for_edit = split(/\s+/, $access{'allowed_for_edit'});
+    # Some experimental MIME types are now recognized
+    push(@allowed_for_edit, map { (my $__ = $_) =~ s/-x-/-/;
+        $__ ne $_ ? $__ : () } @allowed_for_edit);
     %allowed_for_edit = map { $_ => 1} @allowed_for_edit;
     my %tinfo = &get_theme_info($current_theme);
 

gray-theme/theme.pl

@@ -949,11 +949,28 @@ for(var i=0; i<tabnames.length; i++) {
 		       '<img src=$imgdir/lc2.gif alt=""></td>'+
 		       '<td class=\\'tabSelected\\' nowrap>'+
 		       '&nbsp;<b>'+title+'</b>&nbsp;</td>'+
-	               '<td valign=top class=\\'tabSelected\\'>'+
+		       '<td valign=top class=\\'tabSelected\\'>'+
 		       '<img src=$imgdir/rc2.gif alt=""></td>'+
 		       '</tr></table>';
     divobj.className = 'opener_shown';
+    try {
+	var nestedForm = divobj.querySelector("form[data-form-nested]");
+	if (nestedForm) {
+		var nestedFormId = nestedForm.getAttribute("data-form-nested"),
+		formSubmitters = document
+			.querySelectorAll(
+				"[data-submit-nested='" + nestedFormId + "']");
+		if (formSubmitters) {
+			formSubmitters.forEach(function(submitter) {
+				submitter.setAttribute(
+					"form", nestedForm.getAttribute('id'));
+			});
+		}
+	}
+    } catch(e) {
+	console.warn('Cannot set the related submitter ID of the nested form : ' + e);
     }
+  }
   else {
     // Non-selected tab
     tabobj.innerHTML = '<table cellpadding=0 cellspacing=0><tr>'+

miniserv.pl

@@ -175,10 +175,10 @@ elsif (!$config{'no_pam'}) {
 	}
 if ($config{'pam_only'} && !$use_pam) {
 	foreach $msg (@startup_msg) {
-		print STDERR $msg,"\n";
+		&log_error($msg);
 		}
-	print STDERR "PAM use is mandatory, but could not be enabled!\n";
-	print STDERR "no_pam and pam_only both are set!\n" if ($config{no_pam});
+	&log_error("PAM use is mandatory, but could not be enabled!");
+	&log_error("no_pam and pam_only both are set!") if ($config{no_pam});
 	exit(1);
 	}
 elsif ($pam_msg && !$use_pam) {
@@ -263,13 +263,13 @@ if ($@) {
 if (!-r $config{'keyfile'}) {
 	# Key file doesn't exist!
 	if ($config{'keyfile'}) {
-		print STDERR "SSL key file $config{'keyfile'} does not exist\n";
+		&log_error("SSL key file $config{'keyfile'} does not exist");
 		}
 	$use_ssl = 0;
 	}
 elsif ($config{'certfile'} && !-r $config{'certfile'}) {
 	# Cert file doesn't exist!
-	print STDERR "SSL cert file $config{'certfile'} does not exist\n";
+	&log_error("SSL cert file $config{'certfile'} does not exist");
 	$use_ssl = 0;
 	}
 if ($use_ssl) {
@@ -359,7 +359,7 @@ foreach $pl (split(/\s+/, $config{'preload'})) {
 	$pkg =~ s/[^A-Za-z0-9]/_/g;
 	eval "package $pkg; do '$config{'root'}/$lib'";
 	if ($@) {
-		print STDERR "Failed to pre-load $lib in $pkg : $@\n";
+		&log_error("Failed to pre-load $lib in $pkg : $@");
 		}
 	}
 foreach $pl (split(/\s+/, $config{'premodules'})) {
@@ -372,13 +372,13 @@ foreach $pl (split(/\s+/, $config{'premodules'})) {
 	push(@INC, "$config{'root'}/$dir");
 	eval "package $mod; use $mod ()";
 	if ($@) {
-		print STDERR "Failed to pre-load $mod : $@\n";
+		&log_error("Failed to pre-load $mod : $@");
 		}
 	}
 foreach $mod (split(/\s+/, $config{'preuse'})) {
 	eval "use $mod;";
 	if ($@) {
-		print STDERR "Failed to pre-load $mod : $@\n";
+		&log_error("Failed to pre-load $mod : $@");
 		}
 	}
 
@@ -527,25 +527,25 @@ for($i=0; $i<@sockets; $i++) {
 		}
 	}
 foreach $se (@sockerrs) {
-	print STDERR $se,"\n";
+	&log_error($se);
 	}
 
 # If all binds failed, try binding to any address
 if (!@socketfhs && !$tried_inaddr_any) {
-	print STDERR "Falling back to listening on any address\n";
+	&log_error("Falling back to listening on any address");
 	$fh = "MAIN";
 	socket($fh, PF_INET(), SOCK_STREAM, $proto) ||
 		die "Failed to open socket : $!";
 	setsockopt($fh, SOL_SOCKET, SO_REUSEADDR, pack("l", 1));
 	if (!bind($fh, pack_sockaddr_in($sockets[0]->[1], INADDR_ANY))) {
-		print STDERR "Failed to bind to port $sockets[0]->[1] : $!\n";
+		&log_error("Failed to bind to port $sockets[0]->[1] : $!");
 		exit(1);
 		}
 	listen($fh, &get_somaxconn());
 	push(@socketfhs, $fh);
 	}
 elsif (!@socketfhs && $tried_inaddr_any) {
-	print STDERR "Could not listen on any ports";
+	&log_error("Could not listen on any ports");
 	exit(1);
 	}
 
@@ -696,7 +696,7 @@ while(1) {
 			if ($childstarts{$c} &&
 			    $age > $config{'maxlifetime'}) {
 				kill(9, $c);
-				print STDERR "Killing long-running process $c after $age sconds\n";
+				&log_error("Killing long-running process $c after $age seconds");
 				delete($childstarts{$c});
 				}
 			}
@@ -824,7 +824,7 @@ while(1) {
 			$ipconns = $ipconnmap{$peera};
 			if ($config{'maxconns_per_ip'} >= 0 &&
 			    @$ipconns > $config{'maxconns_per_ip'}) {
-				print STDERR "Too many connections (",scalar(@$ipconns),") from IP $peera\n";
+				&log_error("Too many connections (",scalar(@$ipconns),") from IP $peera");
 				close(SOCK);
 				next;
 				}
@@ -835,7 +835,7 @@ while(1) {
 			$netconns = $netconnmap{$peernet};
 			if ($config{'maxconns_per_net'} >= 0 &&
 			    @$netconns > $config{'maxconns_per_net'}) {
-				print STDERR "Too many connections (",scalar(@$netconns),") from network $peernet\n";
+				&log_error("Too many connections (",scalar(@$netconns),") from network $peernet");
 				close(SOCK);
 				next;
 				}
@@ -887,8 +887,8 @@ while(1) {
 			# Work out the hostname for this web server
 			$host = &get_socket_name(SOCK, $ipv6fhs{$s});
 			if (!$host) {
-				print STDERR
-				    "Failed to get local socket name : $!\n";
+				&log_error(
+				    "Failed to get local socket name : $!");
 				close(SOCK);
 				next;
 				}
@@ -963,7 +963,19 @@ while(1) {
 		local $fromip = inet_ntoa((unpack_sockaddr_in($from))[1]);
 		local $toip = inet_ntoa((unpack_sockaddr_in(
 					 getsockname(LISTEN)))[1]);
-		if ((!@deny || !&ip_match($fromip, $toip, @deny)) &&
+
+		# Check for any rate limits
+		my $ratelimit = 0;
+		if ($last_udp{$fromip} &&
+		    time() - $last_udp{$fromip} < $config{'listen_delay'}) {
+			$ratelimit = 1;
+			}
+		else {
+			$last_udp{$fromip} = time();
+			}
+
+		if (!$ratelimit &&
+		    (!@deny || !&ip_match($fromip, $toip, @deny)) &&
 		    (!@allow || &ip_match($fromip, $toip, @allow))) {
 			local $listenhost = &get_socket_name(LISTEN, 0);
 			send(LISTEN, "$listenhost:$config{'port'}:".
@@ -1241,7 +1253,7 @@ while(1) {
 			elsif ($inline =~ /\S/) {
 				# Unknown line from pipe?
 				print DEBUG "main: Unknown line from pipe $inline\n";
-				print STDERR "Unknown line from pipe $inline\n";
+				&log_error("Unknown line from pipe $inline");
 				}
 			else {
 				# close pipe
@@ -1962,9 +1974,9 @@ if ($config{'session'} && !$validated) {
 				}
 			elsif ($1 == 3) {
 				# Session is OK, but from the wrong IP
-				print STDERR "Session $session_id was ",
+				&log_error("Session $session_id was ",
 				  "used from $acptip instead of ",
-				  "original IP $2\n";
+				  "original IP $2");
 				}
 			else {
 				# Invalid session ID .. don't set
@@ -1978,8 +1990,8 @@ if ($config{'session'} && !$validated) {
 		$baseauthuser = $can[3] || $authuser;
 		my $auser = &get_user_details($baseauthuser, $authuser);
 		if (!$auser) {
-			print STDERR "Session $session_id is for user ",
-				     "$authuser who does not exist\n";
+			&log_error("Session $session_id is for user ",
+				     "$authuser who does not exist");
 			$validated = 0;
 			$already_authuser = $authuser = undef;
 			}
@@ -3262,9 +3274,9 @@ else {
 		}
 	if ($@) {
 		# Somehow a string come through that contains invalid chars
-		print STDERR $@,"\n";
+		&log_error($@);
 		for(my $i=0; my @stack = caller($i); $i++) {
-			print STDERR join(" ", @stack),"\n";
+			&log_error(join(" ", @stack));
 			}
 		}
 	}
@@ -3729,7 +3741,7 @@ if ($use_pam) {
 				$rcode = 2;
 				}
 			else {
-				print STDERR "Unknown pam_acct_mgmt return value : $acct_ret\n";
+				&log_error("Unknown pam_acct_mgmt return value : $acct_ret");
 				$rcode = 0;
 				}
 			}
@@ -4624,23 +4636,23 @@ local $ssl_ctx;
 eval { $ssl_ctx = Net::SSLeay::new_x_ctx() };
 $ssl_ctx ||= Net::SSLeay::CTX_new();
 if (!$ssl_ctx) {
-	print STDERR "Failed to create SSL context : $!\n";
+	&log_error("Failed to create SSL context : $!");
 	return undef;
 	}
 my @extracas = $extracas && $extracas ne "none" ? split(/\s+/, $extracas) : ();
 
 # Validate cert files
 if (!-r $keyfile) {
-	print STDERR "SSL key file $keyfile does not exist\n";
+	&log_error("SSL key file $keyfile does not exist");
 	return undef;
 	}
 if ($certfile && !-r $certfile) {
-	print STDERR "SSL cert file $certfile does not exist\n";
+	&log_error("SSL cert file $certfile does not exist");
 	return undef;
 	}
 foreach my $p (@extracas) {
 	if (!-r $p) {
-		print STDERR "SSL CA file $p does not exist\n";
+		&log_error("SSL CA file $p does not exist");
 		return undef;
 		}
 	}
@@ -4659,7 +4671,7 @@ if (-r $config{'dhparams_file'}) {
 		};
 	}
 if ($@) {
-	print STDERR "Failed to load $config{'dhparams_file'} : $@\n";
+	&log_error("Failed to load $config{'dhparams_file'} : $@");
 	}
 
 if ($client_certs) {
@@ -4680,12 +4692,12 @@ foreach my $p (@extracas) {
 
 if (!Net::SSLeay::CTX_use_PrivateKey_file($ssl_ctx, $keyfile,
 					  &Net::SSLeay::FILETYPE_PEM)) {
-	print STDERR "Failed to open SSL key $keyfile\n";
+	&log_error("Failed to open SSL key $keyfile");
 	return undef;
 	}
 if (!Net::SSLeay::CTX_use_certificate_file($ssl_ctx, $certfile || $keyfile,
 					   &Net::SSLeay::FILETYPE_PEM)) {
-	print STDERR "Failed to open SSL cert ".($certfile || $keyfile)."\n";
+	&log_error("Failed to open SSL cert ".($certfile || $keyfile));
 	return undef;
 	}
 
@@ -4733,7 +4745,7 @@ sub ssl_connection_for_ip
 local ($sock, $ipv6) = @_;
 local $sn = getsockname($sock);
 if (!$sn) {
-	print STDERR "Failed to get address for socket $sock\n";
+	&log_error("Failed to get address for socket $sock");
 	return undef;
 	}
 local (undef, $myip, undef) = &get_address_ip($sn, $ipv6);
@@ -4744,8 +4756,8 @@ if ($config{'ssl_cipher_list'}) {
 	eval "Net::SSLeay::set_cipher_list(
 			\$ssl_con, \$config{'ssl_cipher_list'})";
 	if ($@) {
-		print STDERR "SSL cipher $config{'ssl_cipher_list'} failed : ",
-			     "$@\n";
+		&log_error("SSL cipher $config{'ssl_cipher_list'} failed : ",
+			     $@);
 		}
 	}
 
@@ -4878,6 +4890,7 @@ my %vital = ("port", 80,
 	  "maxconns", 50,
 	  "maxconns_per_ip", 25,
 	  "maxconns_per_net", 35,
+	  "listen_delay", 5,
 	  "pam", "webmin",
 	  "sidname", "sid",
 	  "unauth", "^/unauthenticated/ ^/robots.txt\$ ^[A-Za-z0-9\\-/_]+\\.jar\$ ^[A-Za-z0-9\\-/_]+\\.class\$ ^[A-Za-z0-9\\-/_]+\\.gif\$ ^[A-Za-z0-9\\-/_]+\\.png\$ ^[A-Za-z0-9\\-/_]+\\.conf\$ ^[A-Za-z0-9\\-/_]+\\.ico\$ ^/robots.txt\$",
@@ -4999,7 +5012,7 @@ if ($config{'twofactorfile'}) {
 if ($config{'userdb'}) {
 	my $dbh = &connect_userdb($config{'userdb'});
 	if (!ref($dbh)) {
-		print STDERR "Failed to open users database : $dbh\n"
+		&log_error("Failed to open users database : $dbh");
 		}
 	else {
 		&disconnect_userdb($config{'userdb'}, $dbh);
@@ -5043,7 +5056,7 @@ if ($config{'userdb'}) {
 	my %attrs;
 	if (!ref($dbh)) {
 		print DEBUG "get_user_details: Failed : $dbh\n";
-		print STDERR "Failed to connect to user database : $dbh\n";
+		&log_error("Failed to connect to user database : $dbh");
 		}
 	elsif ($proto eq "mysql" || $proto eq "postgresql") {
 		# Fetch user ID and password with SQL
@@ -5051,8 +5064,8 @@ if ($config{'userdb'}) {
 		my $cmd = $dbh->prepare(
 			"select id,pass from webmin_user where name = ?");
 		if (!$cmd || !$cmd->execute($username)) {
-			print STDERR "Failed to lookup user : ",
-				     $dbh->errstr,"\n";
+			&log_error("Failed to lookup user : ",
+				     $dbh->errstr);
 			return undef;
 			}
 		my ($id, $pass) = $cmd->fetchrow();
@@ -5070,8 +5083,8 @@ if ($config{'userdb'}) {
 		my $cmd = $dbh->prepare(
 			"select attr,value from webmin_user_attr where id = ?");
 		if (!$cmd || !$cmd->execute($id)) {
-			print STDERR "Failed to lookup user attrs : ",
-				     $dbh->errstr,"\n";
+			&log_error("Failed to lookup user attrs : ",
+				     $dbh->errstr);
 			return undef;
 			}
 		$user = { 'name' => $username,
@@ -5092,8 +5105,8 @@ if ($config{'userdb'}) {
                                   $args->{'userclass'}.'))',
 			scope => 'sub');
 		if (!$rv || $rv->code) {
-			print STDERR "Failed to lookup user : ",
-				     ($rv ? $rv->error : "Unknown error"),"\n";
+			&log_error("Failed to lookup user : ",
+				     ($rv ? $rv->error : "Unknown error"));
 			return undef;
 			}
 		my ($u) = $rv->all_entries();
@@ -5632,10 +5645,10 @@ if ($path ne "/") {
 my $request = HTTP::Request->new($method, $request_uri, $ho,
 				 $posted_data);
 if ($config{'dav_debug'}) {
-	print STDERR "DAV request :\n";
-	print STDERR "---------------------------------------------\n";
-	print STDERR $request->as_string();
-	print STDERR "---------------------------------------------\n";
+	&log_error("DAV request :");
+	&log_error("---------------------------------------------");
+	&log_error($request->as_string());
+	&log_error("---------------------------------------------");
 	}
 my $response = $webdav->run($request);
 
@@ -5656,17 +5669,16 @@ local $rv = &write_keep_alive(0);
 &write_data($content);
 
 if ($config{'dav_debug'}) {
-	print STDERR "DAV reply :\n";
-	print STDERR "---------------------------------------------\n";
-	print STDERR "HTTP/1.1 ",$response->code()," ",$response->message(),"\r\n";
+	&log_error("DAV reply :");
+	&log_error("---------------------------------------------");
+	&log_error("HTTP/1.1 ",$response->code()," ",$response->message());
 	foreach my $h ($response->header_field_names) {
 		next if (lc($h) eq "connection" || lc($h) eq "content-length");
-		print STDERR "$h: ",$response->header($h),"\r\n";
+		&log_error("$h: ",$response->header($h));
 		}
-	print STDERR "Content-length: ",length($content),"\r\n";
-	print STDERR "\r\n";
-	print STDERR $content;
-	print STDERR "---------------------------------------------\n";
+	&log_error("Content-length: ",length($content));
+	&log_error($content);
+	&log_error("---------------------------------------------");
 	}
 
 # Log it
@@ -5961,12 +5973,12 @@ if ($PASSINw) {
 local $ptyfh = new IO::Pty;
 print DEBUG "check_sudo_permissions: ptyfh=$ptyfh\n";
 if (!$ptyfh) {
-	print STDERR "Failed to create new PTY with IO::Pty\n";
+	&log_error("Failed to create new PTY with IO::Pty");
 	return 0;
 	}
 local @uinfo = getpwnam($user);
 if (!@uinfo) {
-	print STDERR "Unix user $user does not exist for sudo\n";
+	&log_error("Unix user $user does not exist for sudo");
 	return 0;
 	}
 
@@ -5981,7 +5993,7 @@ print DEBUG "check_sudo_permissions: about to fork..\n";
 local $pid = fork();
 print DEBUG "check_sudo_permissions: fork=$pid pid=$$\n";
 if ($pid < 0) {
-	print STDERR "fork for sudo failed : $!\n";
+	&log_error("fork for sudo failed : $!");
 	return 0;
 	}
 if (!$pid) {
@@ -6185,8 +6197,8 @@ if ($config{'userdb'}) {
 		if (!$cmd || !$cmd->execute("!".$uinfo->{'pass'},
 					    $uinfo->{'id'})) {
 			# Update failed
-			print STDERR "Failed to lock password : ",
-				     $dbh->errstr,"\n";
+			&log_error("Failed to lock password : ",
+				     $dbh->errstr);
 			return -1;
 			}
 		$cmd->finish() if ($cmd);
@@ -6196,8 +6208,8 @@ if ($config{'userdb'}) {
 		my $rv = $dbh->modify($uinfo->{'id'},
 		      replace => { 'webminPass' => '!'.$uinfo->{'pass'} });
 		if (!$rv || $rv->code) {
-			print STDERR "Failed to lock password : ",
-				     ($rv ? $rv->error : "Unknown error"),"\n";
+			&log_error("Failed to lock password : ",
+				     ($rv ? $rv->error : "Unknown error"));
 			return -1;
 			}
 		}
@@ -6464,13 +6476,13 @@ foreach my $f (readdir(CRONS)) {
 		my $broken = 0;
 		foreach my $n ('module', 'func') {
 			if (!$cron{$n}) {
-				print STDERR "Cron $1 missing $n\n";
+				&log_error("Cron $1 missing $n");
 				$broken = 1;
 				}
 			}
 		if (!$cron{'interval'} && $cron{'mins'} eq '' &&
 		    $cron{'special'} eq '' && !$cron{'boot'}) {
-			print STDERR "Cron $1 missing any time spec\n";
+			&log_error("Cron $1 missing any time spec");
 			$broken = 1;
 			}
 		if ($cron{'special'} eq 'hourly') {
@@ -6515,7 +6527,7 @@ foreach my $f (readdir(CRONS)) {
 			$cron{'weekdays'} = '*';
 			}
 		elsif ($cron{'special'}) {
-			print STDERR "Cron $1 invalid special time $cron{'special'}\n";
+			&log_error("Cron $1 invalid special time $cron{'special'}");
 			$broken = 1;
 			}
 		if ($cron{'special'}) {
@@ -6760,7 +6772,7 @@ if (!$pid) {
 		die \$@ if (\$@);
 		";
 	if ($@) {
-		print STDERR "Perl failure : $@\n";
+		&log_error("Perl failure : $@");
 		}
 	exit(0);
 	}

net/nm-lib.pl

@@ -426,6 +426,8 @@ print &ui_table_row($text{'routes_static'}, $rtable);
 # Save the form generated by routing_input
 sub parse_routing
 {
+my @boot =  &boot_interfaces();
+
 # Save IPv4 address
 my ($dev, $gw);
 if (!$in{'gateway_def'}) {
@@ -434,7 +436,7 @@ if (!$in{'gateway_def'}) {
 	$gw = $in{'gateway'};
 	$dev = $in{'gatewaydev'};
 	}
-&set_default_gateway($gw, $dev);
+&set_default_gateway($gw, $dev, \@boot);
 
 # Save IPv6 address
 my ($dev6, $gw6);
@@ -444,7 +446,7 @@ if (!$in{'gateway6_def'}) {
 	$gw6 = $in{'gateway6'};
 	$dev6 = $in{'gatewaydev6'};
 	}
-&set_default_ipv6_gateway($gw6, $dev6);
+&set_default_ipv6_gateway($gw6, $dev6, \@boot);
 
 # Save routing flag
 my %sysctl;
@@ -455,7 +457,6 @@ $sysctl{'net.ipv4.ip_forward'} = $in{'forward'};
 &unlock_file($sysctl_config);
 
 # Save static routes
-my @boot =  &boot_interfaces();
 foreach my $b (grep { $_->{'virtual'} eq '' } @boot) {
 	my @r;
 	for(my $i=0; defined($in{"dev_$i"}); $i++) {
@@ -539,13 +540,14 @@ foreach my $iface (&boot_interfaces()) {
 return ( );
 }
 
-# set_default_gateway([gateway, device])
+# set_default_gateway([gateway, device], [&boot-interfaces])
 # Sets the default gateway to the given IP accessible via the given device,
 # in the boot time settings.
 sub set_default_gateway
 {
-my ($gw, $dev) = @_;
-foreach my $iface (&boot_interfaces()) {
+my ($gw, $dev, $boot) = @_;
+$boot ||= [ &boot_interfaces() ];
+foreach my $iface (@$boot) {
 	if ($iface->{'fullname'} eq $dev && $iface->{'gateway'} ne $gw) {
 		# Need to add to this interface
 		$iface->{'gateway'} = $gw;
@@ -572,13 +574,14 @@ foreach my $iface (&boot_interfaces()) {
 return ( );
 }
 
-# set_default_ipv6_gateway([gateway, device])
+# set_default_ipv6_gateway([gateway, device], [boot-interfaces])
 # Sets the default IPv6 gateway to the given IP accessible via the given device,
 # in the boot time settings.
 sub set_default_ipv6_gateway
 {
-my ($gw, $dev) = @_;
-foreach my $iface (&boot_interfaces()) {
+my ($gw, $dev, $boot) = @_;
+$boot ||= [ &boot_interfaces() ];
+foreach my $iface (@$boot) {
 	if ($iface->{'fullname'} eq $dev && $iface->{'gateway6'} ne $gw) {
 		# Need to add to this interface
 		$iface->{'gateway6'} = $gw;

package-updates/update.cgi

@@ -17,7 +17,7 @@ else {
 	$redirdesc = $text{'index_return'};
 	}
 
-$redir = ($redir =~ /\?/) ? "$redir&tab=install" : "$redir?tab=install";
+$redir = ($redir =~ /\?/) ? "$redir&tab=pkgs" : "$redir?tab=pkgs";
 
 if ($in{'refresh'} || $in{'refresh_top'}) {
 	&ui_print_unbuffered_header(undef, $text{'refresh_title'}, "");

postfix/client.cgi

@@ -54,10 +54,8 @@ foreach $r (&list_multi_client_restrictions()) {
 
 # Show text field for the rest
 @rest = grep { !$done{$_} } @opts;
-if (@rest) {
-	push(@grid, &ui_checkbox("other", 1, $text{'client_other'}, 1),
-		    &ui_textbox("other_list", join(" ", @rest), 40));
-	}
+push(@grid, &ui_checkbox("other", @rest ? 1 : 0, $text{'client_other'}, 1),
+	    &ui_textbox("other_list", join(" ", @rest), 40));
 
 # Show field
 print &ui_table_row($text{'client_restrict'},

postfix/help/opt_smtp_sasl_security_options.html

@@ -0,0 +1,16 @@
+<header>SASL security options &quot;.&quot;</header>
+
+<center><tt>smtp_sasl_security_options</tt></center>
+<hr>
+
+This parameter specifies the security options that the Postfix SMTP client uses
+for SASL authentication when connecting to a remote SMTP server. <p>
+The list is a comma-separated parameter of one or more of the following items:
+
+<ul>
+<li><tt>noplaintext</tt>: disallow methods that use plaintext passwords</li>
+<li><tt>noactive</tt>: disallow methods subject to active (non-dictionary) attack</li>
+<li><tt>nodictionary</tt>: disallow methods subject to passive (dictionary) attack</li>
+<li><tt>noanonymous</tt>: disallow methods that allow anonymous authentication</li>
+<li><tt>mutual_auth</tt>: only allow methods that provide mutual authentication (not available with SASL version 1)</li>
+</ul>

postfix/lang/en

@@ -319,7 +319,6 @@ opts_smtp_data_init_timeout=Timeout on waiting for answer to DATA
 opts_smtp_data_xfer_timeout=Timeout on waiting for answer to transmit of message content
 opts_smtp_data_done_timeout=Timeout on waiting for answer to ending "."
 opts_smtp_quit_timeout=Timeout on waiting for answer to QUIT
-opts_smtp_use_tls=Use TLS for SMTP connections?
 opts_smtp_sasl_security_options=SASL security options
 opts_smtp_tls_security_level=SMTP TLS client security level
 

postfix/postfix-lib.pl

@@ -2327,8 +2327,9 @@ return ( "permit_mynetworks",
 		"reject_unknown_reverse_client_hostname",
 	 "permit_sasl_authenticated",
 	 "reject_unauth_destination",
-	 "check_relay_domains",
-	 "permit_mx_backup" );
+	 &compare_version_numbers($postfix_version, 3.9) < 0 ?
+		("check_relay_domains", "permit_mx_backup") : ( ),
+       );
 }
 
 # list_client_restrictions()

postfix/smtp.cgi

@@ -49,7 +49,6 @@ if (&compare_version_numbers($postfix_version, 2) <= 0) {
 &option_freefield("smtp_data_done_timeout", 15);
 &option_freefield("smtp_quit_timeout", 15);
 
-&option_yesno("smtp_use_tls");
 &option_freefield("smtp_sasl_security_options", 60);
 
 # TLS enforcement options

spam/edit_user.cgi

@@ -15,10 +15,11 @@ print "$text{'user_desc'}<p>\n";
 # Do DNS lookups?
 $dns = lc(&find_value("dns_available", $conf));
 $dns = "test" if (!$dns && $config{'defaults'});
+$defdns = &version_atleast("3.4") ? $text{'yes'} : $text{'user_dnstest'};
 @dnsopts = ( [ 1, $text{'yes'} ],
 	     [ 0, $text{'no'} ],
 	     !$config{'defaults'} ? ( [ -1, $text{'default'}.
-				       " (".$text{'user_dnstest'}.")" ] ) : ( ),
+				       " (".$defdns.")" ] ) : ( ),
 	     [ 2, $text{'user_dnslist'} ] );
 print &ui_table_row($text{'user_dns'},
 	&ui_radio("dns", $dns eq 'yes' ? 1 :

spam/spam-lib.pl

@@ -607,7 +607,7 @@ sub version_atleast
 if (!$version_cache) {
 	$version_cache = &get_spamassassin_version();
 	}
-return $version_cache >= $_[0];
+return &compare_version_numbers($version_cache, '>=', $_[0]);
 }
 
 # spam_file_folder()

web-lib-funcs.pl

@@ -7465,7 +7465,7 @@ while(1) {
 	my $got = read(OUT, $line, 1);
 	last if (!$got);
 	$out .= $line;
-	$linecount++;
+	$linecount += scalar(() = $out =~ /\n/g);
 	if ($_[3] && $linecount >= $_[3]) {
 		# Got enough lines
 		last;

xterm/index.cgi

@@ -3,6 +3,8 @@
 require './xterm-lib.pl';
 &ReadParse();
 
+$ENV{'HTTP_WEBMIN_PATH'} && &error($text{'index_eproxy'});
+
 # Check for needed modules
 my @modnames = ("Digest::SHA", "Digest::MD5", "IO::Pty",
                 "IO::Select", "Time::HiRes",

xterm/lang/en

@@ -5,6 +5,7 @@ index_suse=The Perl package <tt>perl-IO-Tty</tt> is missing, and should be manua
 index_euser=Error : User $1 cannot run the shell as it does not exist!
 index_connecting=Connecting ..
 index_missing=The Perl module <tt>$1</tt> is missing. You need to contact your administrator to resolve this issue.
+index_eproxy=The Terminal module cannot be used when accessing Webmin via another Webmin server
 
 acl_user=Run shell as Unix user
 acl_sameuser=Same as Webmin login

xterm/xterm-addon-attach.js

@@ -1 +1,2 @@
+// 0.11.0
 !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.AttachAddon=t():e.AttachAddon=t()}(self,(()=>(()=>{"use strict";var e={};return(()=>{var t=e;function s(e,t,s){return e.addEventListener(t,s),{dispose:()=>{s&&e.removeEventListener(t,s)}}}Object.defineProperty(t,"__esModule",{value:!0}),t.AttachAddon=void 0,t.AttachAddon=class{constructor(e,t){this._disposables=[],this._socket=e,this._socket.binaryType="arraybuffer",this._bidirectional=!(t&&!1===t.bidirectional)}activate(e){this._disposables.push(s(this._socket,"message",(t=>{const s=t.data;e.write("string"==typeof s?s:new Uint8Array(s))}))),this._bidirectional&&(this._disposables.push(e.onData((e=>this._sendData(e)))),this._disposables.push(e.onBinary((e=>this._sendBinary(e))))),this._disposables.push(s(this._socket,"close",(()=>this.dispose()))),this._disposables.push(s(this._socket,"error",(()=>this.dispose())))}dispose(){for(const e of this._disposables)e.dispose()}_sendData(e){this._checkOpenSocket()&&this._socket.send(e)}_sendBinary(e){if(!this._checkOpenSocket())return;const t=new Uint8Array(e.length);for(let s=0;s<e.length;++s)t[s]=255&e.charCodeAt(s);this._socket.send(t)}_checkOpenSocket(){switch(this._socket.readyState){case WebSocket.OPEN:return!0;case WebSocket.CONNECTING:throw new Error("Attach addon was loaded before socket was open");case WebSocket.CLOSING:return console.warn("Attach addon socket is closing"),!1;case WebSocket.CLOSED:throw new Error("Attach addon socket is closed");default:throw new Error("Unexpected socket state")}}}})(),e})()));

xterm/xterm-addon-fit.js

@@ -1 +1,2 @@
+// 0.10.0
 !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.FitAddon=t():e.FitAddon=t()}(self,(()=>(()=>{"use strict";var e={};return(()=>{var t=e;Object.defineProperty(t,"__esModule",{value:!0}),t.FitAddon=void 0,t.FitAddon=class{activate(e){this._terminal=e}dispose(){}fit(){const e=this.proposeDimensions();if(!e||!this._terminal||isNaN(e.cols)||isNaN(e.rows))return;const t=this._terminal._core;this._terminal.rows===e.rows&&this._terminal.cols===e.cols||(t._renderService.clear(),this._terminal.resize(e.cols,e.rows))}proposeDimensions(){if(!this._terminal)return;if(!this._terminal.element||!this._terminal.element.parentElement)return;const e=this._terminal._core,t=e._renderService.dimensions;if(0===t.css.cell.width||0===t.css.cell.height)return;const r=0===this._terminal.options.scrollback?0:e.viewport.scrollBarWidth,i=window.getComputedStyle(this._terminal.element.parentElement),o=parseInt(i.getPropertyValue("height")),s=Math.max(0,parseInt(i.getPropertyValue("width"))),n=window.getComputedStyle(this._terminal.element),l=o-(parseInt(n.getPropertyValue("padding-top"))+parseInt(n.getPropertyValue("padding-bottom"))),a=s-(parseInt(n.getPropertyValue("padding-right"))+parseInt(n.getPropertyValue("padding-left")))-r;return{cols:Math.max(2,Math.floor(a/t.css.cell.width)),rows:Math.max(1,Math.floor(l/t.css.cell.height))}}}})(),e})()));

xterm/xterm.css

@@ -1,8 +1,8 @@
 /*!
- * Xterm.js v5.4.0 (https://github.com/xtermjs/xterm.js)
+ * Xterm.js v5.5.0 (https://github.com/xtermjs/xterm.js)
  * Copyright (c) 2017-2023, The xterm.js authors (https://github.com/xtermjs/xterm.js)
  * Copyright (c) 2014-2016, SourceLair Private Company (https://www.sourcelair.com)
  * Copyright (c) 2012-2013, Christopher Jeffrey (https://github.com/chjj/)
  * Licensed under MIT (https://github.com/xtermjs/xterm.js/blob/master/LICENSE)
  */
-.xterm{cursor:text;position:relative;user-select:none;-ms-user-select:none;-webkit-user-select:none}.xterm.focus,.xterm:focus{outline:0}.xterm .xterm-helpers{position:absolute;top:0;z-index:5}.xterm .xterm-helper-textarea{padding:0;border:0;margin:0;position:absolute;opacity:0;left:-9999em;top:0;width:0;height:0;z-index:-5;white-space:nowrap;overflow:hidden;resize:none}.xterm .composition-view{background:#000;color:#fff;display:none;position:absolute;white-space:nowrap;z-index:1}.xterm .composition-view.active{display:block}.xterm .xterm-viewport{background-color:#000;overflow-y:scroll;cursor:default;position:absolute;right:0;left:0;top:0;bottom:0}.xterm .xterm-screen{position:relative}.xterm .xterm-screen canvas{position:absolute;left:0;top:0}.xterm .xterm-scroll-area{visibility:hidden}.xterm-char-measure-element{display:inline-block;visibility:hidden;position:absolute;top:0;left:-9999em;line-height:normal}.xterm.enable-mouse-events{cursor:default}.xterm.xterm-cursor-pointer,.xterm .xterm-cursor-pointer{cursor:pointer}.xterm.column-select.focus{cursor:crosshair}.xterm .xterm-accessibility:not(.debug),.xterm .xterm-message{position:absolute;left:0;top:0;bottom:0;right:0;z-index:10;color:transparent;pointer-events:none}.xterm .xterm-accessibility-tree:not(.debug) ::selection{color:transparent}.xterm .xterm-accessibility-tree{user-select:text;white-space:pre}.xterm .live-region{position:absolute;left:-9999px;width:1px;height:1px;overflow:hidden}.xterm-dim{opacity:1!important}.xterm-underline-1{text-decoration:underline}.xterm-underline-2{text-decoration:double underline}.xterm-underline-3{text-decoration:wavy underline}.xterm-underline-4{text-decoration:dotted underline}.xterm-underline-5{text-decoration:dashed underline}.xterm-overline{text-decoration:overline}.xterm-overline.xterm-underline-1{text-decoration:overline underline}.xterm-overline.xterm-underline-2{text-decoration:overline double underline}.xterm-overline.xterm-underline-3{text-decoration:overline wavy underline}.xterm-overline.xterm-underline-4{text-decoration:overline dotted underline}.xterm-overline.xterm-underline-5{text-decoration:overline dashed underline}.xterm-strikethrough{text-decoration:line-through}.xterm-screen .xterm-decoration-container .xterm-decoration{z-index:6;position:absolute}.xterm-screen .xterm-decoration-container .xterm-decoration.xterm-decoration-top-layer{z-index:7}.xterm-decoration-overview-ruler{z-index:8;position:absolute;top:0;right:0;pointer-events:none}.xterm-decoration-top{z-index:2;position:relative}
+.xterm{cursor:text;position:relative;user-select:none;-ms-user-select:none;-webkit-user-select:none}.xterm.focus,.xterm:focus{outline:none}.xterm .xterm-helpers{position:absolute;top:0;z-index:5}.xterm .xterm-helper-textarea{padding:0;border:0;margin:0;position:absolute;opacity:0;left:-9999em;top:0;width:0;height:0;z-index:-5;white-space:nowrap;overflow:hidden;resize:none}.xterm .composition-view{background:#000;color:#FFF;display:none;position:absolute;white-space:nowrap;z-index:1}.xterm .composition-view.active{display:block}.xterm .xterm-viewport{background-color:#000;overflow-y:scroll;cursor:default;position:absolute;right:0;left:0;top:0;bottom:0}.xterm .xterm-screen{position:relative}.xterm .xterm-screen canvas{position:absolute;left:0;top:0}.xterm .xterm-scroll-area{visibility:hidden}.xterm-char-measure-element{display:inline-block;visibility:hidden;position:absolute;top:0;left:-9999em;line-height:normal}.xterm.enable-mouse-events{cursor:default}.xterm.xterm-cursor-pointer,.xterm .xterm-cursor-pointer{cursor:pointer}.xterm.column-select.focus{cursor:crosshair}.xterm .xterm-accessibility:not(.debug),.xterm .xterm-message{position:absolute;left:0;top:0;bottom:0;right:0;z-index:10;color:transparent;pointer-events:none}.xterm .xterm-accessibility-tree:not(.debug) *::selection{color:transparent}.xterm .xterm-accessibility-tree{user-select:text;white-space:pre}.xterm .live-region{position:absolute;left:-9999px;width:1px;height:1px;overflow:hidden}.xterm-dim{opacity:1!important}.xterm-underline-1{text-decoration:underline}.xterm-underline-2{text-decoration:double underline}.xterm-underline-3{text-decoration:wavy underline}.xterm-underline-4{text-decoration:dotted underline}.xterm-underline-5{text-decoration:dashed underline}.xterm-overline{text-decoration:overline}.xterm-overline.xterm-underline-1{text-decoration:overline underline}.xterm-overline.xterm-underline-2{text-decoration:overline double underline}.xterm-overline.xterm-underline-3{text-decoration:overline wavy underline}.xterm-overline.xterm-underline-4{text-decoration:overline dotted underline}.xterm-overline.xterm-underline-5{text-decoration:overline dashed underline}.xterm-strikethrough{text-decoration:line-through}.xterm-screen .xterm-decoration-container .xterm-decoration{z-index:6;position:absolute}.xterm-screen .xterm-decoration-container .xterm-decoration.xterm-decoration-top-layer{z-index:7}.xterm-decoration-overview-ruler{z-index:8;position:absolute;top:0;right:0;pointer-events:none}.xterm-decoration-top{z-index:2;position:relative}