diff options
author | Yixun Lan <dlan@gentoo.org> | 2015-01-05 03:23:01 +0000 |
---|---|---|
committer | Yixun Lan <dlan@gentoo.org> | 2015-01-05 03:23:01 +0000 |
commit | a3a8d4aad13db55fad4ce95b4a0d8f5adee32e41 (patch) | |
tree | dc34eca0502e86f47f41efc9a970baf69a36d496 /app-admin/webmin | |
parent | fix permission issue, bug 383895, proxy for maintainer (diff) | |
download | gentoo-2-a3a8d4aad13db55fad4ce95b4a0d8f5adee32e41.tar.gz gentoo-2-a3a8d4aad13db55fad4ce95b4a0d8f5adee32e41.tar.bz2 gentoo-2-a3a8d4aad13db55fad4ce95b4a0d8f5adee32e41.zip |
drop old due to security issue, bug 511624; bump new, bug 534092, thanks PhobosK
(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)
Diffstat (limited to 'app-admin/webmin')
-rw-r--r-- | app-admin/webmin/ChangeLog | 11 | ||||
-rwxr-xr-x | app-admin/webmin/files/gentoo-setup | 32 | ||||
-rw-r--r-- | app-admin/webmin/webmin-1.730.ebuild (renamed from app-admin/webmin/webmin-1.690.ebuild) | 12 |
3 files changed, 45 insertions, 10 deletions
diff --git a/app-admin/webmin/ChangeLog b/app-admin/webmin/ChangeLog index b3fc2f4b49af..e1e72e010a31 100644 --- a/app-admin/webmin/ChangeLog +++ b/app-admin/webmin/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for app-admin/webmin -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/ChangeLog,v 1.207 2014/06/07 11:29:32 hwoarang Exp $ +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/ChangeLog,v 1.208 2015/01/05 03:23:01 dlan Exp $ + +*webmin-1.730 (05 Jan 2015) + + 05 Jan 2015; Yixun Lan <dlan@gentoo.org> -webmin-1.690.ebuild, + +webmin-1.730.ebuild, files/gentoo-setup: + drop old due to security issue, bug 511624; bump new, bug 534092, thanks + PhobosK *webmin-1.690 (07 Jun 2014) diff --git a/app-admin/webmin/files/gentoo-setup b/app-admin/webmin/files/gentoo-setup index 3443bb02f67a..0c2dd2d186d1 100755 --- a/app-admin/webmin/files/gentoo-setup +++ b/app-admin/webmin/files/gentoo-setup @@ -94,9 +94,11 @@ if [ "$upgrading" = 1 ]; then real_os_type=`grep "^real_os_type=" $config_dir/config | sed -e 's/real_os_type=//g'` real_os_version=`grep "^real_os_version=" $config_dir/config | sed -e 's/real_os_version=//g'` - # Get port, ssl, ssl_redirect, no_sslcompression and keyfile + # Get port, ssl, no_ssl2, no_ssl3, ssl_redirect, no_sslcompression and keyfile port=`grep "^port=" $config_dir/miniserv.conf | sed -e 's/port=//g'` ssl=`grep "^ssl=" $config_dir/miniserv.conf | sed -e 's/ssl=//g'` + no_ssl2=`grep "^no_ssl2=" $config_dir/miniserv.conf | sed -e 's/no_ssl2=//g'` + no_ssl3=`grep "^no_ssl3=" $config_dir/miniserv.conf | sed -e 's/no_ssl3=//g'` ssl_redirect=`grep "^ssl_redirect=" $config_dir/miniserv.conf | sed -e 's/ssl_redirect=//g'` no_sslcompression=`grep "^no_sslcompression=" $config_dir/miniserv.conf | sed -e 's/no_sslcompression=//g'` keyfile=`grep "^keyfile=" $config_dir/miniserv.conf | sed -e 's/keyfile=//g'` @@ -139,6 +141,8 @@ else echo "logtime=168" >> $cfile echo "ppath=$ppath" >> $cfile echo "ssl=$ssl" >> $cfile + echo "no_ssl2=$no_ssl2" >> $cfile + echo "no_ssl3=$no_ssl3" >> $cfile echo "ssl_redirect=$ssl_redirect" >> $cfile echo "no_sslcompression=$no_sslcompression" >> $cfile echo "keyfile=$keyfile" >> $cfile @@ -206,7 +210,7 @@ if [ ! -f "${pidfile}" ]; then systemctl start webmin.service else rc-service --ifexists -- webmin start - fi + fi fi END @@ -305,9 +309,22 @@ if [ "$?" != "0" ]; then echo no_sslcompression=1 >> $config_dir/miniserv.conf fi -# Make Perl crypt MD5 the default -echo md5pass=1 >> $config_dir/config +# Tighten SSL security +grep no_ssl2= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo no_ssl2=1 >> $config_dir/miniserv.conf +fi + +grep no_ssl3= $config_dir/miniserv.conf >/dev/null +if [ "$?" != "0" ]; then + echo no_ssl3=1 >> $config_dir/miniserv.conf +fi +# Make Perl crypt MD5 the default +grep md5pass= $config_dir/config >/dev/null +if [ "$?" != "0" ]; then + echo md5pass=1 >> $config_dir/config +fi # Set a special theme if none was set before if [ "$theme" = "" ]; then @@ -333,6 +350,13 @@ if [ "$themelist" != "" ]; then echo "preroot=$themelist" >> $config_dir/miniserv.conf fi +# If the old blue-theme is still in use, change it (new in 1.730) +oldtheme=`grep "^theme=" $config_dir/config | sed -e 's/theme=//g'` +if [ "$oldtheme" = "blue-theme" ]; then + sed -i -e 's/theme=blue-theme/theme=gray-theme/g' $config_dir/config + sed -i -e 's/preroot=blue-theme/preroot=gray-theme/g' $config_dir/miniserv.conf +fi + # Set the product field in the global config grep product= $config_dir/config >/dev/null if [ "$?" != "0" ]; then diff --git a/app-admin/webmin/webmin-1.690.ebuild b/app-admin/webmin/webmin-1.730.ebuild index ae64051f9906..223d5b840f5f 100644 --- a/app-admin/webmin/webmin-1.690.ebuild +++ b/app-admin/webmin/webmin-1.730.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/webmin-1.690.ebuild,v 1.1 2014/06/07 11:29:32 hwoarang Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/webmin-1.730.ebuild,v 1.1 2015/01/05 03:23:01 dlan Exp $ EAPI="5" @@ -26,7 +26,9 @@ IUSE="minimal +ssl mysql postgres ldap" # to install them using the in-built cpan module, and this will mess up perl on the system # That's why some modules are forced without a use flag # NOTE: pam, ssl and dnssec-tools deps are forced for security and Gentoo compliance installation reasons -DEPEND="virtual/perl-Sys-Syslog +DEPEND="virtual/perl-MIME-Base64 + virtual/perl-Socket + virtual/perl-Sys-Syslog virtual/perl-Time-HiRes virtual/perl-Time-Local dev-perl/Authen-Libwrap @@ -284,8 +286,10 @@ pkg_config(){ export os_version='*' export real_os_type='Gentoo Linux' export real_os_version='Any version' - # Forcing 'ssl', 'ssl_redirect' and 'no_sslcompression' for tightening security + # Forcing 'ssl', 'no_ssl2', 'no_ssl3', 'ssl_redirect' and 'no_sslcompression' for tightening security export ssl=1 + export no_ssl2=1 + export no_ssl3=1 export ssl_redirect=1 export no_sslcompression=1 export keyfile="${EROOT}etc/ssl/webmin/server.pem" |