Revbump to fix security problem in #441840. Thanks to PhobosK <phobosk@fastmail.fm>. Remove old ebuild

(Portage version: 2.1.11.30/cvs/Linux x86_64, signed Manifest commit with key B4AFF2C2)

3 files changed, 118 insertions, 2 deletions

diff --git a/app-admin/webmin/ChangeLog b/app-admin/webmin/ChangeLog
index 34407e5a3f61..8e12ecc02749 100644
--- a/app-admin/webmin/ChangeLog
+++ b/app-admin/webmin/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-admin/webmin
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/ChangeLog,v 1.199 2012/10/25 16:46:04 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/ChangeLog,v 1.200 2012/11/05 21:40:01 hwoarang Exp $
+
+*webmin-1.600-r1 (05 Nov 2012)
+
+  05 Nov 2012; Markos Chandras <hwoarang@gentoo.org>
+  +files/webmin-1.600-SA51201.patch, +webmin-1.600-r1.ebuild,
+  -webmin-1.600.ebuild:
+  Revbump to fix security problem in #441840. Thanks to PhobosK
+  <phobosk@fastmail.fm>. Remove old ebuild
 
   25 Oct 2012; Markos Chandras <hwoarang@gentoo.org> -webmin-1.560-r1.ebuild,
   -webmin-1.570-r1.ebuild, -webmin-1.580.ebuild, -webmin-1.590.ebuild:
diff --git a/app-admin/webmin/files/webmin-1.600-SA51201.patch b/app-admin/webmin/files/webmin-1.600-SA51201.patch
new file mode 100644
index 000000000000..43d1783f9d84
--- /dev/null
+++ b/app-admin/webmin/files/webmin-1.600-SA51201.patch
@@ -0,0 +1,105 @@
+diff -ur a/passwd/edit_passwd.cgi b/passwd/edit_passwd.cgi
+--- a/passwd/edit_passwd.cgi	2012-09-21 21:07:11.000000000 +0300
++++ b/passwd/edit_passwd.cgi	2012-11-01 19:00:02.000000000 +0200
+@@ -19,7 +19,7 @@
+ %uconfig = &foreign_config("useradmin");
+ $user[6] =~ s/,.*$// if ($uconfig{'extra_real'});
+ print &ui_table_row($text{'passwd_for'},
+-	$user[0].( $user[6] ? " ($user[6])" : "" ));
++	&html_escape($user[0].( $user[6] ? " ($user[6])" : "" )));
+ 
+ # Old password field
+ if ($access{'old'} == 1 ||
+diff -ur a/passwd/index.cgi b/passwd/index.cgi
+--- a/passwd/index.cgi	2012-09-21 21:07:11.000000000 +0300
++++ b/passwd/index.cgi	2012-11-01 19:00:02.000000000 +0200
+@@ -85,7 +85,7 @@
+ 	@grid = ( );
+ 	for($i=0; $i<@ulist; $i++) {
+ 		push(@grid, "<a href=\"edit_passwd.cgi?".
+-			    "user=$ulist[$i]->[0]\">".
++			    "user=".&urlize($ulist[$i]->[0])."\">".
+ 			    &html_escape($ulist[$i]->[0])."</a>");
+ 		}
+ 	print &ui_grid_table(\@grid, 4, 100, undef, undef,
+diff -ur a/passwd/module.info b/passwd/module.info
+--- a/passwd/module.info	2012-09-21 21:11:10.000000000 +0300
++++ b/passwd/module.info	2012-11-01 19:00:02.000000000 +0200
+@@ -1,48 +1,38 @@
+-desc_pt_BR=Alterar Senha
+-desc_ca=Canvi de Contrasenyes
+-desc_it=Cambio Password
+-desc_hu.UTF-8=Jelszavak
+-readonly=1
+-desc=Change Passwords
+ category=system
+-desc_ja_JP.euc=パスワードの変更
+-desc_zh_TW.Big5=怒�鷄K�X
+-desc_ko_KR.UTF-8=������ 覲�蟆�
+-desc_fi=Vaihda Salasanoja
++depends=useradmin
++desc=Change Passwords
++desc_pl=Zmiany hase�
++desc_hu=Jelszavak
+ name=Passwd
+-desc_tr=Parolalar� De�i�tir
+-os_support=!windows
++desc_ca=Canvi de Contrasenyes
+ desc_de=Passw&#246;rter &#228;ndern  
+-desc_af=Verander Wagwoord
+-desc_sk=Zmena hesla
+-desc_pl.UTF-8=Zmiany hase��
+-desc_cz.UTF-8=Zm��na hesla
+-desc_ja_JP.UTF-8=�����鴻����若�����紊����
+-desc_fr=Changez le Mot de Passe
+-desc_pl=Zmiany hase�
++desc_nl=Wachtwoorden Wijzigen
++desc_zh_TW.Big5=怒�鷄K�X
+ desc_es=Cambio de Contrase&#241;as
+-desc_ru_RU=�瑁鉉�
+ desc_no=Passord administrasjon
+-desc_cz=Zm�na hesla
+-desc_ms=Menukar Katalaluan
+-desc_nl=Wachtwoorden Wijzigen
+-desc_sk.UTF-8=Zmena hesla
+-desc_hu=Jelszavak
+-desc_zh_TW.UTF-8=莅���翫��腆�
+-version=1.600
+-longdesc=Change the password of any user on the system.
++desc_af=Verander Wagwoord
++desc_it=Cambio Password
+ desc_ru_SU=霑厦棉
++desc_ru_RU=�瑁鉉�
+ passwd=Change the passwords of Unix users.
++longdesc=Change the password of any user on the system.
++desc_pt_BR=Alterar Senha
++desc_ms=Menukar Katalaluan
++desc_cz=Zm�na hesla
++desc_sk=Zmena hesla
++desc_tr=Parolalar� De�i�tir
++readonly=1
++os_support=!windows
++desc_zh_TW.UTF-8=莅���翫��腆�
++desc_fi=Vaihda Salasanoja
+ desc_ko_KR.euc=章硲 痕井
++desc_ko_KR.UTF-8=������ 覲�蟆�
++desc_ja_JP.euc=パスワードの変更
++desc_ja_JP.UTF-8=�����鴻����若�����紊����
+ desc_ru.UTF-8=��舒��仂仍亳
+-depends=useradmin 1.600
+-desc_de.UTF-8=Passw&#246;rter &#228;ndern  
+-desc_fi.UTF-8=Vaihda Salasanoja
+-desc_af.UTF-8=Verander Wagwoord
+-desc_fr.UTF-8=Changez le Mot de Passe
+-desc_ms.UTF-8=Menukar Katalaluan
+-desc_it.UTF-8=Cambio Password
+-desc_es.UTF-8=Cambio de Contrase&#241;as
+-desc_ca.UTF-8=Canvi de Contrasenyes
+-desc_pt_BR.UTF-8=Alterar Senha
+-desc_nl.UTF-8=Wachtwoorden Wijzigen
++desc_fr=Changez le Mot de Passe
++desc_hu.UTF-8=Jelszavak
++desc_cz.UTF-8=Zm��na hesla
++desc_pl.UTF-8=Zmiany hase��
++desc_sk.UTF-8=Zmena hesla
++version=1.605
diff --git a/app-admin/webmin/webmin-1.600.ebuild b/app-admin/webmin/webmin-1.600-r1.ebuild
index b10f2b194bfa..1d2e90d61103 100644
--- a/app-admin/webmin/webmin-1.600.ebuild
+++ b/app-admin/webmin/webmin-1.600-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/webmin-1.600.ebuild,v 1.1 2012/10/14 09:52:45 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/webmin-1.600-r1.ebuild,v 1.1 2012/11/05 21:40:01 hwoarang Exp $
 
 EAPI="3"
 
@@ -46,6 +46,9 @@ DEPEND="virtual/perl-Sys-Syslog
 RDEPEND="${DEPEND}"
 
 src_prepare() {
+	# Fix security bug - https://bugs.gentoo.org/show_bug.cgi?id=441840
+	epatch "${FILESDIR}/${P}-SA51201.patch"
+
 	local perl="$( which perl )"
 
 	# Remove the unnecessary and incompatible files