build: update csf to v14.21

src/ConfigServer/CheckIP.pm

@@ -16,7 +16,7 @@ use ConfigServer::Config;
 use Exporter qw(import);
 our $VERSION     = 1.03;
 our @ISA         = qw(Exporter);
-our @EXPORT_OK   = qw(checkip);
+our @EXPORT_OK   = qw(checkip cccheckip);
 
 my $ipv4reg = ConfigServer::Config->ipv4reg;
 my $ipv6reg = ConfigServer::Config->ipv6reg;
@@ -79,5 +79,69 @@ sub checkip {
 }
 # end checkip
 ###############################################################################
+# start cccheckip
+sub cccheckip {
+	my $ipin = shift;
+	my $ret = 0;
+	my $ipref = 0;
+	my $ip;
+	my $cidr;
+	if (ref $ipin) {
+		($ip,$cidr) = split(/\//,${$ipin});
+		$ipref = 1;
+	} else {
+		($ip,$cidr) = split(/\//,$ipin);
+	}
+	my $testip = $ip;
+
+	if ($cidr ne "") {
+		unless ($cidr =~ /^\d+$/) {return 0}
+	}
+
+	if ($ip =~ /^$ipv4reg$/) {
+		$ret = 4;
+		if ($cidr) {
+			unless ($cidr >= 1 && $cidr <= 32) {return 0}
+		}
+		if ($ip eq "127.0.0.1") {return 0}
+		my $type;
+		eval {
+			local $SIG{__DIE__} = undef;
+			my $netip = Net::IP->new($testip);
+			$type = $netip->iptype();
+		};
+		if ($@) {return 0}
+		if ($type ne "PUBLIC") {return 0}
+	}
+
+	if ($ip =~ /^$ipv6reg$/) {
+		$ret = 6;
+		if ($cidr) {
+			unless ($cidr >= 1 && $cidr <= 128) {return 0}
+		}
+		$ip =~ s/://g;
+		$ip =~ s/^0*//g;
+		if ($ip == 1) {return 0}
+		if ($ipref) {
+			eval {
+				local $SIG{__DIE__} = undef;
+				my $netip = Net::IP->new($testip);
+				my $myip = $netip->short();
+				if ($myip ne "") {
+					if ($cidr eq "") {
+						${$ipin} = $myip;
+					} else {
+						${$ipin} = $myip."/".$cidr;
+					}
+				}
+			};
+			if ($@) {return 0}
+		}
+	}
+
+	return $ret;
+}
+# end cccheckip
+###############################################################################
 
 1;

src/ConfigServer/DisplayUI.pm

@@ -1712,9 +1712,9 @@ EOD
 	}
 	elsif ($mobile) {
 		print "<table class='table table-bordered table-striped'>\n";
-		print "<tr><td><form action='$script' method='post'><input type='hidden' name='mobi' value='$mobile'><input type='hidden' name='action' value='qallow'><input type='submit' class='btn btn-default' value='Quick Allow'></td><td style='width:100%'><input type='text' name='ip' value='' size='18'></form></td></tr>\n";
-		print "<tr><td><form action='$script' method='post'><input type='hidden' name='mobi' value='$mobile'><input type='hidden' name='action' value='qdeny'><input type='submit' class='btn btn-default' value='Quick Deny'></td><td style='width:100%'><input type='text' name='ip' value='' size='18'></form></td></tr>\n";
-		print "<tr><td><form action='$script' method='post'><input type='hidden' name='mobi' value='$mobile'><input type='hidden' name='action' value='qignore'><input type='submit' class='btn btn-default' value='Quick Ignore'></td><td style='width:100%'><input type='text' name='ip' value='' size='18'></form></td></tr>\n";
+		print "<tr><td><form action='$script' method='post'><input type='hidden' name='mobi' value='$mobile'><input type='hidden' name='action' value='qallow'><input type='submit' class='btn btn-default' value='Quick Allow'></td><td style='width:100%'><input type='text' name='ip' value='' size='18' style='background-color: #BDECB6'></form></td></tr>\n";
+		print "<tr><td><form action='$script' method='post'><input type='hidden' name='mobi' value='$mobile'><input type='hidden' name='action' value='qdeny'><input type='submit' class='btn btn-default' value='Quick Deny'></td><td style='width:100%'><input type='text' name='ip' value='' size='18' style='background-color: #FFD1DC'></form></td></tr>\n";
+		print "<tr><td><form action='$script' method='post'><input type='hidden' name='mobi' value='$mobile'><input type='hidden' name='action' value='qignore'><input type='submit' class='btn btn-default' value='Quick Ignore'></td><td style='width:100%'><input type='text' name='ip' value='' size='18' style='background-color: #D9EDF7'></form></td></tr>\n";
 		print "<tr><td><form action='$script' method='post'><input type='hidden' name='mobi' value='$mobile'><input type='hidden' name='action' value='kill'><input type='submit' class='btn btn-default' value='Quick Unblock'></td><td style='width:100%'><input type='text' name='ip' value='' size='18'></form></td></tr>\n";
 		print "</table>\n";
 	}
@@ -2019,7 +2019,7 @@ EOF
 		waitpid ($pid, 0);
 		chomp @iptstatus;
 		if ($iptstatus[0] =~ /# Warning: iptables-legacy tables present/) {shift @iptstatus}
-		my $status = "<div class='bs-callout bs-callout-success text-center'><h4>Firewall Status: Enabled & Running</h4></div>";
+		my $status = "<div class='bs-callout bs-callout-success text-center'><h4>Firewall Status: Enabled and Running</h4></div>";
 
 		if (-e "/etc/csf/csf.disable") {
 			$status = "<div class='bs-callout bs-callout-danger text-center'><form action='$script' method='post'><h4>Firewall Status: Disabled and Stopped <input type='hidden' name='action' value='enable'><input type='submit' class='btn btn-default' value='Enable'></form></h4></div>\n"
@@ -2166,9 +2166,9 @@ EOF
 		print "<div id='csf' class='tab-pane active'>\n";
 		print "<table class='table table-bordered table-striped'>\n";
 		print "<thead><tr><th colspan='2'>csf - Quick Actions</th></tr></thead>";
-		print "<tr><td><button onClick='\$(\"#qallow\").submit();' class='btn btn-default'>Quick Allow</button></td><td style='width:100%'><form action='$script' method='post' id='qallow'><input type='submit' class='hide'><input type='hidden' name='action' value='qallow'>Allow IP address <a href='javascript:fillfield(\"allowip\",\"$ENV{REMOTE_ADDR}\")'><span class='glyphicon glyphicon-cog icon-configserver' style='font-size:1.3em;' data-tooltip='tooltip' title='$ENV{REMOTE_ADDR}'></span></a> <input type='text' name='ip' id='allowip' value='' size='18'> through the firewall and add to the allow file (csf.allow).<br>Comment for Allow: <input type='text' name='comment' value='' size='30'></form></td></tr>\n";
-		print "<tr><td><button onClick='\$(\"#qdeny\").submit();' class='btn btn-default'>Quick Deny</button></td><td style='width:100%'><form action='$script' method='post' id='qdeny'><input type='submit' class='hide'><input type='hidden' name='action' value='qdeny'>Block IP address <input type='text' name='ip' value='' size='18'> in the firewall and add to the deny file (csf.deny).<br>Comment for Block: <input type='text' name='comment' value='' size='30'></form></td></tr>\n";
-		print "<tr><td><button onClick='\$(\"#qignore\").submit();' class='btn btn-default'>Quick Ignore</button></td><td style='width:100%'><form action='$script' method='post' id='qignore'><input type='submit' class='hide'><input type='hidden' name='action' value='qignore'>Ignore IP address <a href='javascript:fillfield(\"ignoreip\",\"$ENV{REMOTE_ADDR}\")'><span class='glyphicon glyphicon-cog icon-configserver' style='font-size:1.3em;' data-tooltip='tooltip' title='$ENV{REMOTE_ADDR}'></span></a> <input type='text' name='ip' id='ignoreip' value='' size='18'> in lfd, add to the ignore file (csf.ignore) and restart lfd</form></td></tr>\n";
+		print "<tr><td><button onClick='\$(\"#qallow\").submit();' class='btn btn-default'>Quick Allow</button></td><td style='width:100%'><form action='$script' method='post' id='qallow'><input type='submit' class='hide'><input type='hidden' name='action' value='qallow'>Allow IP address <a href='javascript:fillfield(\"allowip\",\"$ENV{REMOTE_ADDR}\")'><span class='glyphicon glyphicon-cog icon-configserver' style='font-size:1.3em;' data-tooltip='tooltip' title='$ENV{REMOTE_ADDR}'></span></a> <input type='text' name='ip' id='allowip' value='' size='18' style='background-color: #BDECB6'> through the firewall and add to the allow file (csf.allow).<br>Comment for Allow: <input type='text' name='comment' value='' size='30'></form></td></tr>\n";
+		print "<tr><td><button onClick='\$(\"#qdeny\").submit();' class='btn btn-default'>Quick Deny</button></td><td style='width:100%'><form action='$script' method='post' id='qdeny'><input type='submit' class='hide'><input type='hidden' name='action' value='qdeny'>Block IP address <input type='text' name='ip' value='' size='18' style='background-color: #FFD1DC'> in the firewall and add to the deny file (csf.deny).<br>Comment for Block: <input type='text' name='comment' value='' size='30'></form></td></tr>\n";
+		print "<tr><td><button onClick='\$(\"#qignore\").submit();' class='btn btn-default'>Quick Ignore</button></td><td style='width:100%'><form action='$script' method='post' id='qignore'><input type='submit' class='hide'><input type='hidden' name='action' value='qignore'>Ignore IP address <a href='javascript:fillfield(\"ignoreip\",\"$ENV{REMOTE_ADDR}\")'><span class='glyphicon glyphicon-cog icon-configserver' style='font-size:1.3em;' data-tooltip='tooltip' title='$ENV{REMOTE_ADDR}'></span></a> <input type='text' name='ip' id='ignoreip' value='' size='18' style='background-color: #D9EDF7'> in lfd, add to the ignore file (csf.ignore) and restart lfd</form></td></tr>\n";
 		print "<tr><td><button onClick='\$(\"#kill\").submit();' class='btn btn-default'>Quick Unblock</button></td><td style='width:100%'><form action='$script' method='post' id='kill'><input type='submit' class='hide'><input type='hidden' name='action' value='kill'>Remove IP address <input type='text' name='ip' value='' size='18'> from the firewall (temp and perm blocks)</form></td></tr>\n";
 		print "</table>\n";
 

src/ConfigServer/LookUpIP.pm

@@ -251,6 +251,7 @@ sub geo_binary {
 				elsif ($geoid > $bits[0]) {
 					$start = $mid + 1;
 				} else {
+					$b =~ s/\"//g;
 					my ($geoname_id, $locale_code, $continent_code, $continent_name, $country_iso_code, $country_name, $subdivision_1_iso_code, $subdivision_1_name, $subdivision_2_iso_code, $subdivision_2_name, $city_name, $metro_code, $time_zone) = split(/\,/,$b);
 					my $region = $subdivision_2_name;
 					if ($region eq "" or $region eq $city_name) {$region = $subdivision_1_name}

src/ConfigServer/ServerCheck.pm

@@ -1331,8 +1331,8 @@ sub phpcheck {
 				$line =~ /^PHP Version\s*=>\s*(.*)/i;
 				($mas,$maj,$min) = split(/\./,$1);
 				$version = "$mas.$maj.$min";
-				if ($mas < 7) {$status = 1}
-				if ($mas == 7 and $maj < 5) {$status = 1}
+				if ($mas < 8) {$status = 1}
+				if ($mas == 8 and $maj < 1) {$status = 1}
 			}
 			open (my $IN, "<", "/usr/local/apache/conf/php.conf.yaml");
 			flock ($IN, LOCK_SH);
@@ -1395,7 +1395,7 @@ sub phpcheck {
 		if ($key eq "version") {
 			my $status = 0;
 			if ($values ne "") {$status = 1}
-			&addline($status,"Check php version","Any version of PHP older than v7.2.* is now obsolete and should be considered a security threat. You should upgrade exclusively to PHP v7.3+:<br><b>Affected PHP versions:</b>$values");
+			&addline($status,"Check php version","Any version of PHP older than v8.1.* is now obsolete and should be considered a security threat. You should upgrade to at least PHP v8.1+:<br><b>Affected PHP versions:</b>$values");
 		}
 		if ($key eq "enable_dl") {
 			my $status = 0;

src/changelog.txt

@@ -1,8 +1,18 @@
 ChangeLog:
 
+14.21 - Modified IP lookup to strip some missed quotes
+
+        Added exe:/usr/bin/dbus-broker-launch and exe:/usr/bin/dbus-broker to
+	csf.pignore for new installations
+
+	Added check to ensure that only PUBLIC IP addresses are used when
+	loading IPv4 CC zone files
+
+	Fixed issue when converting embedded IPv4 addresses in IPv6 connections
+
 14.20 - Modified MaxMind URLs to use https
 
-        Fixed DCOTYPE print order for integrated UI login
+        Fixed DOCTYPE print order for integrated UI login
 
         Added "Require all granted" to Messenger v3 .htaccess generation
 

src/csf.cwp.pignore

@@ -92,6 +92,8 @@ exe:/usr/libexec/postfix/spawn
 exe:/usr/sbin/varnishd
 exe:/usr/sbin/nginx
 exe:/usr/sbin/mariadbd
+exe:/usr/bin/dbus-broker-launch
+exe:/usr/bin/dbus-broker
 
 # Some additional entries that you might want to ignore on cPanel servers.
 # However, be aware of the security implications under "Process Tracking" in

src/csf.cyberpanel.pignore

@@ -52,6 +52,8 @@ exe:/usr/sbin/apache2
 exe:/usr/sbin/mysqld
 exe:/lib/systemd/systemd-timesyncd
 exe:/sbin/rngd
+exe:/usr/bin/dbus-broker-launch
+exe:/usr/bin/dbus-broker
 
 # CyberPanel:
 exe:/usr/sbin/pdns_server

src/csf.directadmin.pignore

@@ -69,6 +69,8 @@ exe:/lib/systemd/systemd-timesyncd
 exe:/usr/local/bin/freshclam
 exe:/sbin/rngd
 exe:/usr/sbin/mariadbd
+exe:/usr/bin/dbus-broker-launch
+exe:/usr/bin/dbus-broker
 
 # Some additional entries that you might want to ignore on DirectAdmin
 # servers.

src/csf.generic.pignore

@@ -64,3 +64,5 @@ exe:/usr/libexec/postfix/qmgr
 exe:/usr/libexec/postfix/tlsmgr
 exe:/sbin/rngd
 exe:/usr/sbin/mariadbd
+exe:/usr/bin/dbus-broker-launch
+exe:/usr/bin/dbus-broker

src/csf.interworx.pignore

@@ -62,6 +62,8 @@ exe:/usr/sbin/apache2
 exe:/usr/sbin/mysqld
 exe:/lib/systemd/systemd-timesyncd
 exe:/sbin/rngd
+exe:/usr/bin/dbus-broker-launch
+exe:/usr/bin/dbus-broker
 
 exe:/usr/local/interworx/mysql/usr/sbin/mysqld
 exe:/usr/bin/tcpserver

src/csf.pignore

@@ -117,6 +117,8 @@ exe:/usr/lib/apt/methods/http
 exe:/usr/sbin/rngd
 exe:/usr/lib/systemd/systemd-resolved
 exe:/usr/sbin/uuidd
+exe:/usr/bin/dbus-broker-launch
+exe:/usr/bin/dbus-broker
 exe:/usr/local/cpanel/3rdparty/wp-toolkit/bin/wpt-panopticon
 
 # Some additional entries that you might want to ignore on cPanel servers.