drop old due to security issue, bug 511624; bump new, bug 534092, thanks PhobosK

(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)

3 files changed, 45 insertions, 10 deletions

diff --git a/app-admin/webmin/ChangeLog b/app-admin/webmin/ChangeLog
index b3fc2f4b49af..e1e72e010a31 100644
--- a/app-admin/webmin/ChangeLog
+++ b/app-admin/webmin/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-admin/webmin
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/ChangeLog,v 1.207 2014/06/07 11:29:32 hwoarang Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/ChangeLog,v 1.208 2015/01/05 03:23:01 dlan Exp $
+
+*webmin-1.730 (05 Jan 2015)
+
+  05 Jan 2015; Yixun Lan <dlan@gentoo.org> -webmin-1.690.ebuild,
+  +webmin-1.730.ebuild, files/gentoo-setup:
+  drop old due to security issue, bug 511624; bump new, bug 534092, thanks
+  PhobosK
 
 *webmin-1.690 (07 Jun 2014)
 
diff --git a/app-admin/webmin/files/gentoo-setup b/app-admin/webmin/files/gentoo-setup
index 3443bb02f67a..0c2dd2d186d1 100755
--- a/app-admin/webmin/files/gentoo-setup
+++ b/app-admin/webmin/files/gentoo-setup
@@ -94,9 +94,11 @@ if [ "$upgrading" = 1 ]; then
 	real_os_type=`grep "^real_os_type=" $config_dir/config | sed -e 's/real_os_type=//g'`
 	real_os_version=`grep "^real_os_version=" $config_dir/config | sed -e 's/real_os_version=//g'`
 
-	# Get port, ssl, ssl_redirect, no_sslcompression and keyfile
+	# Get port, ssl, no_ssl2, no_ssl3, ssl_redirect, no_sslcompression and keyfile
 	port=`grep "^port=" $config_dir/miniserv.conf | sed -e 's/port=//g'`
 	ssl=`grep "^ssl=" $config_dir/miniserv.conf | sed -e 's/ssl=//g'`
+	no_ssl2=`grep "^no_ssl2=" $config_dir/miniserv.conf | sed -e 's/no_ssl2=//g'`
+	no_ssl3=`grep "^no_ssl3=" $config_dir/miniserv.conf | sed -e 's/no_ssl3=//g'`
 	ssl_redirect=`grep "^ssl_redirect=" $config_dir/miniserv.conf | sed -e 's/ssl_redirect=//g'`
 	no_sslcompression=`grep "^no_sslcompression=" $config_dir/miniserv.conf | sed -e 's/no_sslcompression=//g'`
 	keyfile=`grep "^keyfile=" $config_dir/miniserv.conf | sed -e 's/keyfile=//g'`
@@ -139,6 +141,8 @@ else
 	echo "logtime=168" >> $cfile
 	echo "ppath=$ppath" >> $cfile
 	echo "ssl=$ssl" >> $cfile
+	echo "no_ssl2=$no_ssl2" >> $cfile
+	echo "no_ssl3=$no_ssl3" >> $cfile
 	echo "ssl_redirect=$ssl_redirect" >> $cfile
 	echo "no_sslcompression=$no_sslcompression" >> $cfile
 	echo "keyfile=$keyfile" >> $cfile
@@ -206,7 +210,7 @@ if [ ! -f "${pidfile}" ]; then
 		systemctl start webmin.service
 	else
 		rc-service --ifexists -- webmin start
-	fi	
+	fi
 fi
 END
 
@@ -305,9 +309,22 @@ if [ "$?" != "0" ]; then
 	echo no_sslcompression=1 >> $config_dir/miniserv.conf
 fi
 
-# Make Perl crypt MD5 the default
-echo md5pass=1 >> $config_dir/config
+# Tighten SSL security
+grep no_ssl2= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+	echo no_ssl2=1 >> $config_dir/miniserv.conf
+fi
+
+grep no_ssl3= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+	echo no_ssl3=1 >> $config_dir/miniserv.conf
+fi
 
+# Make Perl crypt MD5 the default
+grep md5pass= $config_dir/config >/dev/null
+if [ "$?" != "0" ]; then
+	echo md5pass=1 >> $config_dir/config
+fi
 
 # Set a special theme if none was set before
 if [ "$theme" = "" ]; then
@@ -333,6 +350,13 @@ if [ "$themelist" != "" ]; then
 	echo "preroot=$themelist" >> $config_dir/miniserv.conf
 fi
 
+# If the old blue-theme is still in use, change it (new in 1.730)
+oldtheme=`grep "^theme=" $config_dir/config | sed -e 's/theme=//g'`
+if [ "$oldtheme" = "blue-theme" ]; then
+   sed -i -e 's/theme=blue-theme/theme=gray-theme/g' $config_dir/config
+   sed -i -e 's/preroot=blue-theme/preroot=gray-theme/g' $config_dir/miniserv.conf
+fi
+
 # Set the product field in the global config
 grep product= $config_dir/config >/dev/null
 if [ "$?" != "0" ]; then
diff --git a/app-admin/webmin/webmin-1.690.ebuild b/app-admin/webmin/webmin-1.730.ebuild
index ae64051f9906..223d5b840f5f 100644
--- a/app-admin/webmin/webmin-1.690.ebuild
+++ b/app-admin/webmin/webmin-1.730.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/webmin-1.690.ebuild,v 1.1 2014/06/07 11:29:32 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/webmin-1.730.ebuild,v 1.1 2015/01/05 03:23:01 dlan Exp $
 
 EAPI="5"
 
@@ -26,7 +26,9 @@ IUSE="minimal +ssl mysql postgres ldap"
 # to install them using the in-built cpan module, and this will mess up perl on the system
 # That's why some modules are forced without a use flag
 # NOTE: pam, ssl and dnssec-tools deps are forced for security and Gentoo compliance installation reasons
-DEPEND="virtual/perl-Sys-Syslog
+DEPEND="virtual/perl-MIME-Base64
+	virtual/perl-Socket
+	virtual/perl-Sys-Syslog
 	virtual/perl-Time-HiRes
 	virtual/perl-Time-Local
 	dev-perl/Authen-Libwrap
@@ -284,8 +286,10 @@ pkg_config(){
 	export os_version='*'
 	export real_os_type='Gentoo Linux'
 	export real_os_version='Any version'
-	# Forcing 'ssl', 'ssl_redirect' and 'no_sslcompression' for tightening security
+	# Forcing 'ssl', 'no_ssl2', 'no_ssl3', 'ssl_redirect' and 'no_sslcompression' for tightening security
 	export ssl=1
+	export no_ssl2=1
+	export no_ssl3=1
 	export ssl_redirect=1
 	export no_sslcompression=1
 	export keyfile="${EROOT}etc/ssl/webmin/server.pem"