app-admin/webmin: bump to 1.791, bug #577268

Version bump to 1.791, adds support for honouring cipher order.
Ebuild by maintainer PhobosK.

Gentoo-bug: 577268
Package-Manager: portage-2.2.28
Signed-off-by: Sam Jorna <wraeth@gentoo.org>

1 files changed, 438 insertions, 0 deletions

diff --git a/app-admin/webmin/files/gentoo-setup-1.791 b/app-admin/webmin/files/gentoo-setup-1.791
new file mode 100644
index 000000000000..680dfbb5303b
--- /dev/null
+++ b/app-admin/webmin/files/gentoo-setup-1.791
@@ -0,0 +1,438 @@
+#!/bin/sh
+# gentoo-setup.sh
+#
+# Version 1.2
+#
+# A modified original Webmin setup.sh script to comply with Gentoo specifics
+#
+# Modification done by: PhobosK <phobosk@kbfx.net>
+#
+# This script runs after the webmin archive is installed, and in the pkg_config() phase.
+# It does setup the various config files of Webmin depending on if it is
+# a new install, an upgrade or a reset.
+
+LANG=
+export LANG
+
+if [ -z ${wadir} ]; then
+	echo "You can't run this script outside of the 'emerge --config app-admin/webmin' command."
+	exit 1
+fi
+
+# All things we do is from the Webmin install dir - $wadir
+cd $wadir
+
+
+# Are we hard resetting everything?
+# If yes, we do:
+# 1. Run the specific Webmin $wadir/run-uninstalls.pl
+#	 It runs all uninstall.pl files in every module's folder.
+#	 They delete all the set specific Webmin cron jobs.
+#	 If bumping you should go through these files using the command:
+#	 find . -name uninstall.pl -exec cat {} \; -print
+# 2. Delete the whole /etc/webmin content, keeping only the gentoo .keep_* files
+if [ "$reset" = "hard" ]; then
+	echo "Running Webmin's specific uninstall procedures.. (Please ignore any possible errors)"
+	(WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir LANG= "$wadir/run-uninstalls.pl")
+	echo "..done"
+	echo ""
+
+	echo "Deleting the content of user's config folder: $config_dir .."
+	find $config_dir ! -name '.keep_*' -delete 2>/dev/null
+	echo "..done"
+	echo ""
+fi
+
+
+# Are we soft resetting?
+# If yes we do:
+# - Delete the $config_dir/config file so we get new config values
+if [ "$reset" = "soft" ]; then
+	echo "Deleting the user's $config_dir/config file.."
+	if [ -f "$config_dir/config" ]; then
+		rm -f "$config_dir/config"
+	fi
+	echo "..done"
+	echo ""
+fi
+
+
+# Get all available modules of this version
+allmods=`echo */module.info | sed -e 's/\/module.info//g'`
+
+# Get current Webmin version
+ver=`cat "$wadir/version"`
+
+if [ -r "$config_dir/config" ]; then
+	upgrading=1
+fi
+
+
+# Check if upgrading from an old version
+if [ "$upgrading" = 1 ]; then
+	echo "Updating existant Webmin's config files.."
+
+	# Get current var path
+	if [ -r "$config_dir/var-path" ]; then
+		_var_dir=`cat $config_dir/var-path`
+		if [ -n ${_var_dir} ]; then
+			var_dir=${_var_dir}
+		fi
+	fi
+
+	# Get current perl path
+	if [ -r "$config_dir/perl-path" ]; then
+		_perl=`cat $config_dir/perl-path`
+		if [ -n ${_perl} ]; then
+			perl=${_perl}
+		fi
+	fi
+
+	# Get old os name and version
+	os_type=`grep "^os_type=" $config_dir/config | sed -e 's/os_type=//g'`
+	os_version=`grep "^os_version=" $config_dir/config | sed -e 's/os_version=//g'`
+	real_os_type=`grep "^real_os_type=" $config_dir/config | sed -e 's/real_os_type=//g'`
+	real_os_version=`grep "^real_os_version=" $config_dir/config | sed -e 's/real_os_version=//g'`
+
+	# Get port, ssl, no_ssl2, no_ssl3, ssl_redirect, no_sslcompression, ssl_honorcipherorder, no_tls1, no_tls1_1 and keyfile
+	port=`grep "^port=" $config_dir/miniserv.conf | sed -e 's/port=//g'`
+	ssl=`grep "^ssl=" $config_dir/miniserv.conf | sed -e 's/ssl=//g'`
+	no_ssl2=`grep "^no_ssl2=" $config_dir/miniserv.conf | sed -e 's/no_ssl2=//g'`
+	no_ssl3=`grep "^no_ssl3=" $config_dir/miniserv.conf | sed -e 's/no_ssl3=//g'`
+	ssl_redirect=`grep "^ssl_redirect=" $config_dir/miniserv.conf | sed -e 's/ssl_redirect=//g'`
+	ssl_honorcipherorder=`grep "^ssl_honorcipherorder=" $config_dir/miniserv.conf | sed -e 's/ssl_honorcipherorder=//g'`
+	no_sslcompression=`grep "^no_sslcompression=" $config_dir/miniserv.conf | sed -e 's/no_sslcompression=//g'`
+	no_tls1=`grep "^no_tls1=" $config_dir/miniserv.conf | sed -e 's/no_tls1=//g'`
+	no_tls1_1=`grep "^no_tls1_1=" $config_dir/miniserv.conf | sed -e 's/no_tls1_1=//g'`
+	keyfile=`grep "^keyfile=" $config_dir/miniserv.conf | sed -e 's/keyfile=//g'`
+
+	# Update ACLs
+	$perl "$wadir/newmods.pl" $config_dir $allmods
+
+	# Update miniserv.conf with new root directory, mime types file and server info
+	grep -v "^root=" $config_dir/miniserv.conf | grep -v "^mimetypes=" | grep -v "^server=" >$tempdir/$$.miniserv.conf
+	mv $tempdir/$$.miniserv.conf $config_dir/miniserv.conf
+	echo "root=$wadir" >> $config_dir/miniserv.conf
+	echo "mimetypes=$wadir/mime.types" >> $config_dir/miniserv.conf
+	echo "server=MiniServ/$ver" >> $config_dir/miniserv.conf
+	grep logout= $config_dir/miniserv.conf >/dev/null
+	if [ $? != "0" ]; then
+		echo "logout=$config_dir/logout-flag" >> $config_dir/miniserv.conf
+	fi
+
+	# Remove old cache of module infos
+	rm -f $config_dir/module.infos.cache
+	echo "..done"
+	echo ""
+else
+	# Create webserver's new config files
+	echo "Creating Webmin's new config files.."
+
+	echo $perl > $config_dir/perl-path
+	echo $var_dir > $config_dir/var-path
+
+	# Create a totally new conf file
+	cfile=$config_dir/miniserv.conf
+	echo "port=$port" > $cfile
+	echo "root=$wadir" >> $cfile
+	echo "mimetypes=$wadir/mime.types" >> $cfile
+	echo "addtype_cgi=internal/cgi" >> $cfile
+	echo "realm=Webmin Server" >> $cfile
+	echo "logfile=$var_dir/miniserv.log" >> $cfile
+	echo "errorlog=$var_dir/miniserv.error" >> $cfile
+	echo "pidfile=$pidfile" >> $cfile
+	echo "logtime=168" >> $cfile
+	echo "ppath=$ppath" >> $cfile
+	echo "ssl=$ssl" >> $cfile
+	echo "no_ssl2=$no_ssl2" >> $cfile
+	echo "no_ssl3=$no_ssl3" >> $cfile
+	echo "ssl_redirect=$ssl_redirect" >> $cfile
+	echo "ssl_honorcipherorder=$ssl_honorcipherorder" >> $cfile
+	echo "no_sslcompression=$no_sslcompression" >> $cfile
+	echo "no_tls1=$no_tls1" >> $cfile
+	echo "no_tls1_1=$no_tls1_1" >> $cfile
+	echo "keyfile=$keyfile" >> $cfile
+	echo "env_WEBMIN_CONFIG=$config_dir" >> $cfile
+	echo "env_WEBMIN_VAR=$var_dir" >> $cfile
+	echo "atboot=$atboot" >> $cfile
+	echo "logout=$config_dir/logout-flag" >> $cfile
+	echo "listen=10000" >> $cfile
+	echo "denyfile=\\.pl\$" >> $cfile
+	echo "log=1" >> $cfile
+	echo "blockhost_failures=5" >> $cfile
+	echo "blockhost_time=60" >> $cfile
+	echo "syslog=1" >> $cfile
+	echo "session=1" >> $cfile
+	echo "premodules=WebminCore" >> $cfile
+	echo "server=MiniServ/$ver" >> $cfile
+
+	# Append package-specific info to config file.
+	# miniserv-conf can be created by upstream or by us in src_install phase (see there).
+	if [ -f "$wadir/miniserv-conf" ]; then
+		cat "$wadir/miniserv-conf" >>$cfile
+	fi
+
+	# Create the default user allowed to login - root only
+	login="root"
+
+	if [ -r /etc/shadow ]; then
+		#crypt=`grep "^root:" /etc/shadow | cut -f 2 -d :`
+		crypt=x
+	else
+		crypt=`grep "^root:" /etc/passwd | cut -f 2 -d :`
+	fi
+
+	ufile=$config_dir/miniserv.users
+	echo "$login:$crypt:0" > $ufile
+	chmod 600 $ufile
+
+
+	echo "userfile=$ufile" >> $cfile
+	chmod 600 $cfile
+	echo "..done"
+	echo ""
+
+	echo "Creating access control file.."
+	afile=$config_dir/webmin.acl
+	echo "$login: $allmods" > $afile
+	chmod 600 $afile
+	echo "..done"
+	echo ""
+fi
+
+
+# Create start, stop, restart and reload Gentoo compliant Webmin scripts
+# We use sys-apps/openrc functions which is already pulled by sys-apps/baselayout
+# or systemctl if we run under systemd
+echo "Creating start and stop scripts.."
+rm -f $config_dir/{start,stop,restart,reload}
+
+# The start script in /etc/webmin (Gentoo compliant)
+cat <<END >>"$config_dir/start"
+#!/bin/sh
+
+if [ ! -f "${pidfile}" ]; then
+	if [[ -d /run/systemd/system ]] ; then
+		systemctl start webmin.service
+	else
+		rc-service --ifexists -- webmin start
+	fi
+fi
+END
+
+# The stop script in /etc/webmin (Gentoo compliant)
+cat <<END >>"$config_dir/stop"
+#!/bin/sh
+
+if [[ -d /run/systemd/system ]] ; then
+	systemctl stop webmin.service
+else
+	rc-service --ifexists -- webmin --ifstarted stop
+fi
+END
+
+# The restart script in /etc/webmin (Gentoo compliant)
+cat <<END >>"$config_dir/restart"
+#!/bin/sh
+
+if [[ -d /run/systemd/system ]] ; then
+	systemctl try-restart webmin.service
+else
+	rc-service --ifexists -- webmin --ifstarted restart
+fi
+END
+
+# The reload script in /etc/webmin (Gentoo compliant)
+cat <<END >>"$config_dir/reload"
+#!/bin/sh
+
+if [[ -d /run/systemd/system ]] ; then
+	systemctl reload-or-try-restart webmin.service
+else
+	rc-service --ifexists -- webmin --ifstarted reload
+fi
+END
+
+chmod 755 $config_dir/{start,stop,restart,reload}
+echo "..done"
+echo ""
+
+
+if [ "$upgrading" = 1 ]; then
+	echo "Updating other config files.."
+else
+	echo "Copying other config files.."
+fi
+
+# This just copies and merges the Webmin's release config files, with user's in the /etc/webmin folder
+newmods=`$perl "$wadir/copyconfig.pl" "$os_type/$real_os_type" "$os_version/$real_os_version" "$wadir" $config_dir "" $allmods`
+if [ "$upgrading" != 1 ]; then
+	# Store the OS and version
+	echo "os_type=$os_type" >> $config_dir/config
+	echo "os_version=$os_version" >> $config_dir/config
+	echo "real_os_type=$real_os_type" >> $config_dir/config
+	echo "real_os_version=$real_os_version" >> $config_dir/config
+
+	# Turn on logging by default
+	echo "log=1" >> $config_dir/config
+
+	# Disallow unknown referers by default
+	echo "referers_none=1" >>$config_dir/config
+else
+	# one-off hack to set log variable in config from miniserv.conf
+	grep log= $config_dir/config >/dev/null
+	if [ "$?" = "1" ]; then
+		grep log= $config_dir/miniserv.conf >> $config_dir/config
+		grep logtime= $config_dir/miniserv.conf >> $config_dir/config
+		grep logclear= $config_dir/miniserv.conf >> $config_dir/config
+	fi
+
+	# Disallow unknown referers if not set
+	grep referers_none= $config_dir/config >/dev/null
+	if [ "$?" != "0" ]; then
+		echo "referers_none=1" >>$config_dir/config
+	fi
+fi
+echo $ver > $config_dir/version
+echo "..done"
+echo ""
+
+# Set passwd_ fields in miniserv.conf from global config
+for field in passwd_file passwd_uindex passwd_pindex passwd_cindex passwd_mindex; do
+	grep $field= $config_dir/miniserv.conf >/dev/null
+	if [ "$?" != "0" ]; then
+		grep $field= $config_dir/config >> $config_dir/miniserv.conf
+	fi
+done
+grep passwd_mode= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+	echo passwd_mode=0 >> $config_dir/miniserv.conf
+fi
+
+grep ssl_honorcipherorder= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+	echo ssl_honorcipherorder=1 >> $config_dir/miniserv.conf
+fi
+
+# Disable SSL compression to defeat BEAST attack
+grep no_sslcompression= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+	echo no_sslcompression=1 >> $config_dir/miniserv.conf
+fi
+
+# Tighten SSL security
+grep no_ssl2= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+	echo no_ssl2=1 >> $config_dir/miniserv.conf
+fi
+
+grep no_ssl3= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+	echo no_ssl3=1 >> $config_dir/miniserv.conf
+fi
+
+grep no_tls1= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+    echo no_tls1=1 >> $config_dir/miniserv.conf
+fi
+
+grep no_tls1_1= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+    echo no_tls1_1=1 >> $config_dir/miniserv.conf
+fi
+
+# Make Perl crypt MD5 the default
+grep md5pass= $config_dir/config >/dev/null
+if [ "$?" != "0" ]; then
+	echo md5pass=1 >> $config_dir/config
+fi
+
+# Set a special theme if none was set before
+if [ "$theme" = "" ]; then
+	theme=`cat "$wadir/defaulttheme" 2>/dev/null`
+fi
+oldthemeline=`grep "^theme=" $config_dir/config`
+oldtheme=`echo $oldthemeline | sed -e 's/theme=//g'`
+if [ "$theme" != "" ] && [ "$oldthemeline" = "" ] && [ -d "$wadir/$theme" ]; then
+	themelist=$theme
+fi
+
+# Set a special overlay if none was set before
+if [ "$overlay" = "" ]; then
+	overlay=`cat "$wadir/defaultoverlay" 2>/dev/null`
+fi
+if [ "$overlay" != "" ] && [ "$theme" != "" ] && [ -d "$wadir/$overlay" ]; then
+	themelist="$themelist $overlay"
+fi
+
+# Apply the theme and maybe overlay
+if [ "$themelist" != "" ]; then
+	echo "theme=$themelist" >> $config_dir/config
+	echo "preroot=$themelist" >> $config_dir/miniserv.conf
+fi
+
+# If the old blue-theme is still in use, change it (new in 1.730)
+oldtheme=`grep "^theme=" $config_dir/config | sed -e 's/theme=//g'`
+if [ "$oldtheme" = "blue-theme" ]; then
+   sed -i -e 's/theme=blue-theme/theme=gray-theme/g' $config_dir/config
+   sed -i -e 's/preroot=blue-theme/preroot=gray-theme/g' $config_dir/miniserv.conf
+fi
+
+# Set the product field in the global config
+grep product= $config_dir/config >/dev/null
+if [ "$?" != "0" ]; then
+	echo product=webmin >> $config_dir/config
+fi
+
+# If password delays are not specifically disabled, enable them
+grep passdelay= $config_dir/miniserv.conf >/dev/null
+if [ "$?" != "0" ]; then
+	echo passdelay=1 >> $config_dir/miniserv.conf
+fi
+
+
+echo "Changing ownership and permissions.."
+# Make all config dirs non-world-readable
+for m in $newmods; do
+	chown -R root:root $config_dir/$m
+	chmod -R og-rw $config_dir/$m
+done
+
+# Make miniserv config files non-world-readable
+for f in miniserv.conf miniserv.users; do
+	chown -R root:root $config_dir/$f
+	chmod -R og-rw $config_dir/$f
+done
+chmod +r $config_dir/version
+
+# Fix up bad permissions from some older installs
+for m in ldap-client ldap-server ldap-useradmin mailboxes mysql postgresql servers virtual-server; do
+	if [ -d "$config_dir/$m" ]; then
+		chown root:root $config_dir/$m
+		chmod og-rw $config_dir/$m
+		chmod og-rw $config_dir/$m/config 2>/dev/null
+	fi
+done
+echo "..done"
+echo ""
+
+
+# This executes all postinstall.pl for every module
+# If you do bump, you should look at the specific changes they do with this command in root folder:
+# find . -name postinstall.pl -exec cat {} \; -print
+# Generally they are safe to run 'cause they change only user's config in /etc/webmin
+# or setup some cron jobs
+if [ "$nopostinstall" = "" ]; then
+	echo "Running postinstall scripts.. (Please ignore any possible errors)"
+	(cd "$wadir" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/run-postinstalls.pl")
+	echo "..done"
+	echo ""
+fi
+
+# Enable background collection
+if [ "$upgrading" != 1 -a -r $config_dir/system-status/enable-collection.pl ]; then
+	echo "Enabling background status collection.. (Please ignore any possible errors)"
+	$config_dir/system-status/enable-collection.pl 5
+	echo "..done"
+	echo ""
+fi