Merge remote-tracking branch 'origin/SLE-12-SP4' into drop_sslv_15ga

yast · Jun 7, 2018 · 041e5fa · 041e5fa
2 parents 9fc983d + 93fd315
commit 041e5fa
Show file tree

Hide file tree

Showing 10 changed files with 10 additions and 221 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -5,6 +5,9 @@ services:
 
 before_install:
   - docker build -t yast-ftp-server-image .
+  # list the installed packages (just for easier debugging)
+  - docker run --rm -it yast-ftp-server-image rpm -qa | sort
+
 script:
   # the "yast-travis-ruby" script is included in the base yastdevel/ruby image
   # see https://github.com/yast/docker-yast-ruby/blob/master/yast-travis-ruby

diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,2 @@
 FROM yastdevel/ruby:sle15
 COPY . /usr/src/app
-
diff --git a/package/yast2-ftp-server.changes b/package/yast2-ftp-server.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jun  7 09:22:47 UTC 2018 - jreidinger@suse.com
+
+- Drop SSLv2 and SSLv3 as it is dropped for security reason for
+  vsftpd (bsc#921303)
+
 -------------------------------------------------------------------
 Fri Apr 20 13:34:41 UTC 2018 - knut.anderssen@suse.com
 

diff --git a/src/autoyast-rnc/ftp-server.rnc b/src/autoyast-rnc/ftp-server.rnc
@@ -28,13 +28,11 @@ ftp-server =
      element SSL { text }? &
      element StartXinetd { text }? &
      element StartDaemon  { text }? &
-     element SSLv2  { text }? &
-     element SSLv3  { text }? &
      element PassiveMode { text }? &
      element CertFile { text }? &
      element VirtualUser { text }? &
      element FTPUser { text }? &
      element GuestUser { text }? &
      element EnableUpload { text }?
 
-}
+}
diff --git a/src/clients/ftp-server.rb b/src/clients/ftp-server.rb
@@ -180,22 +180,6 @@ def main
             ),
             "example" => ["SSL enable", "SSL disable"]
           },
-          "SSLv2"           => {
-            "handler" => fun_ref(method(:FTPdCMDSSLv2), "boolean (map)"),
-            # TRANSLATORS: CommandLine help
-            "help"    => _(
-              "If enabled, this option will permit SSL v2 protocol connections (vsftpd only)."
-            ),
-            "example" => ["SSLv2 enable", "SSLv2 disable"]
-          },
-          "SSLv3"           => {
-            "handler" => fun_ref(method(:FTPdCMDSSLv3), "boolean (map)"),
-            # TRANSLATORS: CommandLine help
-            "help"    => _(
-              "If enabled, this option will permit SSL v3 protocol connections (vsftpd only)."
-            ),
-            "example" => ["SSLv3 enable", "SSLv3 disable"]
-          },
           "TLS"             => {
             "handler" => fun_ref(method(:FTPdCMDTLS), "boolean (map)"),
             # TRANSLATORS: CommandLine help
@@ -352,8 +336,6 @@ def main
           "anon_access"     => ["can_upload", "create_dirs"],
           "welcome_message" => ["set_message"],
           "SSL"             => ["enable", "disable"],
-          "SSLv2"           => ["enable", "disable"],
-          "SSLv3"           => ["enable", "disable"],
           "TLS"             => ["enable", "disable"]
         }
       }
@@ -548,18 +530,6 @@ def FTPdCMDShow(_options)
         CommandLine.Print(_("SSL is enabled"))
       end
 
-      if Ops.get(FtpServer.EDIT_SETTINGS, "SSLv2") != "YES"
-        CommandLine.Print(_("SSL version 2 is disabled"))
-      else
-        CommandLine.Print(_("SSL version 2 is enabled"))
-      end
-
-      if Ops.get(FtpServer.EDIT_SETTINGS, "SSLv3") != "YES"
-        CommandLine.Print(_("SSL version 3 is disabled"))
-      else
-        CommandLine.Print(_("SSL version 3 is enabled"))
-      end
-
       if Ops.get(FtpServer.EDIT_SETTINGS, "TLS") != "YES"
         CommandLine.Print(_("TLS is disabled"))
       else
@@ -982,28 +952,6 @@ def FTPdCMDTLS(options)
       CommonHandlerCheckBox(options, "TLS connections:", true, "TLS", "TLS")
     end
 
-    def FTPdCMDSSLv2(options)
-      options = deep_copy(options)
-      CommonHandlerCheckBox(
-        options,
-        "SSL version 2 connections:",
-        true,
-        "SSLv2",
-        "SSL version 2"
-      )
-    end
-
-    def FTPdCMDSSLv3(options)
-      options = deep_copy(options)
-      CommonHandlerCheckBox(
-        options,
-        "SSL version 3 connections:",
-        true,
-        "SSLv3",
-        "SSL version 3"
-      )
-    end
-
     def FTPdCMDAntiwarez(options)
       options = deep_copy(options)
       CommonHandlerCheckBox(

diff --git a/src/include/ftp-server/dialogs.rb b/src/include/ftp-server/dialogs.rb
@@ -57,8 +57,6 @@ def wid_handling_vsftpd
         "PasMinPort"       => PasMinPort(),
         "PasMaxPort"       => PasMaxPort(),
         "SSLEnable"        => SSLEnable(),
-        "SSLv2"            => SSLv2(),
-        "SSLv3"            => SSLv3(),
         "TLS"              => TLS(),
         "CertFile"         => CertFile(),
         "BrowseCertFile"   => BrowseCertFile(),
@@ -877,59 +875,6 @@ def SSLEnable
       deep_copy(result)
     end
 
-    # Enable SSL v2
-    # Expert Settings widget
-    #
-    # @return [Hash{String => Object}] map for Expert screen
-    def SSLv2
-      result = {}
-
-      Ops.set(result, "label", _("&Enable SSL v2"))
-      Ops.set(result, "widget", :checkbox)
-      Ops.set(result, "opt", [:notify])
-      Ops.set(result, "init", fun_ref(method(:InitSSLv2), "void (string)"))
-      Ops.set(
-        result,
-        "handle",
-        fun_ref(method(:HandleUniversal), "symbol (string, map)")
-      )
-      Ops.set(
-        result,
-        "store",
-        fun_ref(method(:StoreSSLv2), "void (string, map)")
-      )
-      Ops.set(result, "help", DialogHelpText("SSLv2"))
-
-      deep_copy(result)
-    end
-
-    # Enable SSL v3
-    # Expert Settings widget
-    #
-    # @return [Hash{String => Object}] map for Expert screen
-
-    def SSLv3
-      result = {}
-
-      Ops.set(result, "label", _("Enable SSL &v3"))
-      Ops.set(result, "widget", :checkbox)
-      Ops.set(result, "opt", [:notify])
-      Ops.set(result, "init", fun_ref(method(:InitSSLv3), "void (string)"))
-      Ops.set(
-        result,
-        "handle",
-        fun_ref(method(:HandleUniversal), "symbol (string, map)")
-      )
-      Ops.set(
-        result,
-        "store",
-        fun_ref(method(:StoreSSLv3), "void (string, map)")
-      )
-      Ops.set(result, "help", DialogHelpText("SSLv3"))
-
-      deep_copy(result)
-    end
-
     # Enable TLS
     # Expert Settings widget
     #
@@ -1359,8 +1304,6 @@ def addit_settings
                 HBox(
                   HSpacing(2),
                   VBox(
-                    Left("SSLv2"), # end of `Left(`HBox(
-                    Left("SSLv3"),
                     Left("TLS"),
                     Left(HBox("CertFile", VBox(Label(""), "BrowseCertFile")))
                   )
@@ -1384,8 +1327,6 @@ def addit_settings
           "Firewall",
           "PasMinPort",
           "PasMaxPort",
-          "SSLv2",
-          "SSLv3",
           "TLS",
           "CertFile",
           "BrowseCertFile",

diff --git a/src/include/ftp-server/helps.rb b/src/include/ftp-server/helps.rb
@@ -184,18 +184,6 @@ def initialize_ftp_server_helps(_include_target)
             "If enabled, SSL connections are allowed.\n" \
             "</p>\n"
         ),
-        # expert settings  Enable SSL v2 help 1/1
-        "SSLv2"            => _(
-          "<p><b>Enable SSL v2</b><br>\n" \
-            "If enabled, SSL version 2 connections are allowed.\n" \
-            "</p>\n"
-        ),
-        # expert settings  Enable SSL v3 help 1/1
-        "SSLv3"            => _(
-          "<p><b>Enable SSL v3</b><br>\n" \
-            "If enabled, SSL version 3 connections are allowed.\n" \
-            "</p>\n"
-        ),
         # expert settings Enable TLS  help 1/1
         "TLS"              => _(
           "<p><b>Enable TLS</b><br>\n" \

diff --git a/src/include/ftp-server/wid_functions.rb b/src/include/ftp-server/wid_functions.rb
@@ -947,14 +947,10 @@ def HandleSSLEnable(_key, event)
       event = deep_copy(event)
       value = Convert.to_boolean(UI.QueryWidget(Id("SSLEnable"), :Value))
       if value
-        UI.ChangeWidget(Id("SSLv2"), :Enabled, true)
-        UI.ChangeWidget(Id("SSLv3"), :Enabled, true)
         UI.ChangeWidget(Id("TLS"), :Enabled, true)
         UI.ChangeWidget(Id("CertFile"), :Enabled, true)
         UI.ChangeWidget(Id("BrowseCertFile"), :Enabled, true)
       else
-        UI.ChangeWidget(Id("SSLv2"), :Enabled, false)
-        UI.ChangeWidget(Id("SSLv3"), :Enabled, false)
         UI.ChangeWidget(Id("TLS"), :Enabled, false)
         UI.ChangeWidget(Id("CertFile"), :Enabled, false)
         UI.ChangeWidget(Id("BrowseCertFile"), :Enabled, false)
@@ -979,68 +975,6 @@ def StoreSSLEnable(_key, _event)
       nil
     end
 
-    # Init function of "Enable SSL v2"
-    # intfield
-    #
-    # also include handling enable/disable SSL
-    # handling checkboxframe
-    def InitSSLv2(_key)
-      UI.ChangeWidget(
-        Id("SSLv2"),
-        :Value,
-        FtpServer.ValueUIEdit("SSLv2") == "YES"
-      )
-      UI.ChangeWidget(
-        Id("SSLEnable"),
-        :Value,
-        FtpServer.ValueUIEdit("SSLEnable") == "YES"
-      )
-
-      nil
-    end
-
-    # Store function of "Enable SSL v2"
-    # save values to temporary structure
-    #
-    # also include handling value enable/disable passive mode
-    def StoreSSLv2(_key, _event)
-      FtpServer.WriteToEditMap(
-        "SSLv2",
-        Convert.to_boolean(UI.QueryWidget(Id("SSLv2"), :Value)) == true ? "YES" : "NO"
-      )
-      FtpServer.WriteToEditMap(
-        "SSLEnable",
-        Convert.to_boolean(UI.QueryWidget(Id("SSLEnable"), :Value)) == true ? "YES" : "NO"
-      )
-
-      nil
-    end
-
-    # Init function of "Enable SSL v3"
-    # intfield
-    #
-    def InitSSLv3(_key)
-      UI.ChangeWidget(
-        Id("SSLv3"),
-        :Value,
-        FtpServer.ValueUIEdit("SSLv3") == "YES"
-      )
-
-      nil
-    end
-
-    # Store function of "Enable SSL v3"
-    # save value to temporary structure
-    #
-    def StoreSSLv3(_key, _event)
-      FtpServer.WriteToEditMap(
-        "SSLv3",
-        Convert.to_boolean(UI.QueryWidget(Id("SSLv3"), :Value)) == true ? "YES" : "NO"
-      )
-
-      nil
-    end
-
     # Init function of "Enable TLS"
     # intfield
     #

diff --git a/src/include/ftp-server/write_load.rb b/src/include/ftp-server/write_load.rb
@@ -457,30 +457,6 @@ def ValueUI(key, write)
             Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_tlsv1")) :
             Ops.get(@DEFAULT_CONFIG, "TLS")
         end
-      when "SSLv2"
-        if write
-          Ops.set(
-            @VS_SETTINGS,
-            "ssl_sslv2",
-            Ops.get(@EDIT_SETTINGS, "SSLv2")
-          )
-        else
-          return Builtins.haskey(@VS_SETTINGS, "ssl_sslv2") ?
-            Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_sslv2")) :
-            Ops.get(@DEFAULT_CONFIG, "SSLv2")
-        end
-      when "SSLv3"
-        if write
-          Ops.set(
-            @VS_SETTINGS,
-            "ssl_sslv3",
-            Ops.get(@EDIT_SETTINGS, "SSLv3")
-          )
-        else
-          return Builtins.haskey(@VS_SETTINGS, "ssl_sslv3") ?
-            Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_sslv3")) :
-            Ops.get(@DEFAULT_CONFIG, "SSLv3")
-        end
       when "FTPUser"
         if write
           return ""

diff --git a/src/modules/FtpServer.rb b/src/modules/FtpServer.rb
@@ -108,8 +108,6 @@ def main
         "StartXinetd",
         "PassiveMode",
         "CertFile",
-        "SSLv2",
-        "SSLv3",
         "VirtualUser",
         "FTPUser",
         "GuestUser",
@@ -137,8 +135,6 @@ def main
         "AnonCreatDirs"    => "NO",
         "Banner"           => _("Welcome message"),
         "SSLEnable"        => "NO",
-        "SSLv2"            => "NO", # enable/disable SSL version 2 (vsftpd only)
-        "SSLv3"            => "NO", # enable/disable SSL version 3 (vsftpd only)
         "TLS"              => "YES",
         "AntiWarez"        => "YES",
         "SSL"              => "0", # 0 - disable SSL, 1-accept SSL