diff --git a/.travis.yml b/.travis.yml index 8d3d4cd..9e44e3e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,9 @@ services: before_install: - docker build -t yast-ftp-server-image . + # list the installed packages (just for easier debugging) + - docker run --rm -it yast-ftp-server-image rpm -qa | sort + script: # the "yast-travis-ruby" script is included in the base yastdevel/ruby image # see https://github.com/yast/docker-yast-ruby/blob/master/yast-travis-ruby diff --git a/Dockerfile b/Dockerfile index 99e10f1..5dbf145 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,2 @@ FROM yastdevel/ruby:sle15 COPY . /usr/src/app - diff --git a/package/yast2-ftp-server.changes b/package/yast2-ftp-server.changes index afb7f01..c713ac0 100644 --- a/package/yast2-ftp-server.changes +++ b/package/yast2-ftp-server.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jun 7 09:22:47 UTC 2018 - jreidinger@suse.com + +- Drop SSLv2 and SSLv3 as it is dropped for security reason for + vsftpd (bsc#921303) + ------------------------------------------------------------------- Fri Apr 20 13:34:41 UTC 2018 - knut.anderssen@suse.com diff --git a/src/autoyast-rnc/ftp-server.rnc b/src/autoyast-rnc/ftp-server.rnc index 2374eb1..47a9acb 100644 --- a/src/autoyast-rnc/ftp-server.rnc +++ b/src/autoyast-rnc/ftp-server.rnc @@ -28,8 +28,6 @@ ftp-server = element SSL { text }? & element StartXinetd { text }? & element StartDaemon { text }? & - element SSLv2 { text }? & - element SSLv3 { text }? & element PassiveMode { text }? & element CertFile { text }? & element VirtualUser { text }? & @@ -37,4 +35,4 @@ ftp-server = element GuestUser { text }? & element EnableUpload { text }? -} \ No newline at end of file +} diff --git a/src/clients/ftp-server.rb b/src/clients/ftp-server.rb index 6168180..8f16441 100644 --- a/src/clients/ftp-server.rb +++ b/src/clients/ftp-server.rb 
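Review bot: The new `before_install` step `docker run --rm -it yast-ftp-server-image rpm -qa | sort` requests an interactive TTY (`-it`) for a non-interactive command whose output is piped into `sort`. With `-t` the container output passes through a pseudo-terminal, so the pipe receives CRLF line endings, and on a runner where stdin is not a terminal Docker refuses to start the container, which would fail the build over a debugging-only line. Dropping the flags keeps the listing and removes both problems: `- docker run --rm yast-ftp-server-image rpm -qa | sort`. Because the Dockerfile in this commit builds on the floating tag `yastdevel/ruby:sle15`, this listing is the only record of which package versions a given build ran against, so it is worth making reliable.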
@@ -180,22 +180,6 @@ def main ), "example" => ["SSL enable", "SSL disable"] }, - "SSLv2" => { - "handler" => fun_ref(method(:FTPdCMDSSLv2), "boolean (map)"), - # TRANSLATORS: CommandLine help - "help" => _( - "If enabled, this option will permit SSL v2 protocol connections (vsftpd only)." - ), - "example" => ["SSLv2 enable", "SSLv2 disable"] - }, - "SSLv3" => { - "handler" => fun_ref(method(:FTPdCMDSSLv3), "boolean (map)"), - # TRANSLATORS: CommandLine help - "help" => _( - "If enabled, this option will permit SSL v3 protocol connections (vsftpd only)." - ), - "example" => ["SSLv3 enable", "SSLv3 disable"] - }, "TLS" => { "handler" => fun_ref(method(:FTPdCMDTLS), "boolean (map)"), # TRANSLATORS: CommandLine help @@ -352,8 +336,6 @@ def main "anon_access" => ["can_upload", "create_dirs"], "welcome_message" => ["set_message"], "SSL" => ["enable", "disable"], - "SSLv2" => ["enable", "disable"], - "SSLv3" => ["enable", "disable"], "TLS" => ["enable", "disable"] } } @@ -548,18 +530,6 @@ def FTPdCMDShow(_options) CommandLine.Print(_("SSL is enabled")) end - if Ops.get(FtpServer.EDIT_SETTINGS, "SSLv2") != "YES" - CommandLine.Print(_("SSL version 2 is disabled")) - else - CommandLine.Print(_("SSL version 2 is enabled")) - end - - if Ops.get(FtpServer.EDIT_SETTINGS, "SSLv3") != "YES" - CommandLine.Print(_("SSL version 3 is disabled")) - else - CommandLine.Print(_("SSL version 3 is enabled")) - end - if Ops.get(FtpServer.EDIT_SETTINGS, "TLS") != "YES" CommandLine.Print(_("TLS is disabled")) else 
@@ -982,28 +952,6 @@ def FTPdCMDTLS(options) CommonHandlerCheckBox(options, "TLS connections:", true, "TLS", "TLS") end - def FTPdCMDSSLv2(options) - options = deep_copy(options) - CommonHandlerCheckBox( - options, - "SSL version 2 connections:", - true, - "SSLv2", - "SSL version 2" - ) - end - - def FTPdCMDSSLv3(options) - options = deep_copy(options) - CommonHandlerCheckBox( - options, - "SSL version 3 connections:", - true, - "SSLv3", - "SSL version 3" - ) - end - def FTPdCMDAntiwarez(options) options = deep_copy(options) CommonHandlerCheckBox( diff --git a/src/include/ftp-server/dialogs.rb b/src/include/ftp-server/dialogs.rb index 845f94e..0d86925 100644 --- a/src/include/ftp-server/dialogs.rb +++ b/src/include/ftp-server/dialogs.rb @@ -57,8 +57,6 @@ def wid_handling_vsftpd "PasMinPort" => PasMinPort(), "PasMaxPort" => PasMaxPort(), "SSLEnable" => SSLEnable(), - "SSLv2" => SSLv2(), - "SSLv3" => SSLv3(), "TLS" => TLS(), "CertFile" => CertFile(), "BrowseCertFile" => BrowseCertFile(), 
@@ -877,59 +875,6 @@ def SSLEnable deep_copy(result) end - # Enable SSL v2 - # Expert Settings widget - # - # @return [Hash{String => Object}] map for Expert screen - def SSLv2 - result = {} - - Ops.set(result, "label", _("&Enable SSL v2")) - Ops.set(result, "widget", :checkbox) - Ops.set(result, "opt", [:notify]) - Ops.set(result, "init", fun_ref(method(:InitSSLv2), "void (string)")) - Ops.set( - result, - "handle", - fun_ref(method(:HandleUniversal), "symbol (string, map)") - ) - Ops.set( - result, - "store", - fun_ref(method(:StoreSSLv2), "void (string, map)") - ) - Ops.set(result, "help", DialogHelpText("SSLv2")) - - deep_copy(result) - end - - # Enable SSL v3 - # Expert Settings widget - # - # @return [Hash{String => Object}] map for Expert screen - - def SSLv3 - result = {} - - Ops.set(result, "label", _("Enable SSL &v3")) - Ops.set(result, "widget", :checkbox) - Ops.set(result, "opt", [:notify]) - Ops.set(result, "init", fun_ref(method(:InitSSLv3), "void (string)")) - Ops.set( - result, - "handle", - fun_ref(method(:HandleUniversal), "symbol (string, map)") - ) - Ops.set( - result, - "store", - fun_ref(method(:StoreSSLv3), "void (string, map)") - ) - Ops.set(result, "help", DialogHelpText("SSLv3")) - - deep_copy(result) - end - # Enable TLS # Expert Settings widget # @@ -1359,8 +1304,6 @@ def addit_settings HBox( HSpacing(2), VBox( - Left("SSLv2"), # end of `Left(`HBox( - Left("SSLv3"), Left("TLS"), Left(HBox("CertFile", VBox(Label(""), "BrowseCertFile"))) ) @@ -1384,8 +1327,6 @@ def addit_settings "Firewall", "PasMinPort", "PasMaxPort", - "SSLv2", - "SSLv3", "TLS", "CertFile", "BrowseCertFile", diff --git a/src/include/ftp-server/helps.rb b/src/include/ftp-server/helps.rb index 49e820f..c80bbdb 100644 --- a/src/include/ftp-server/helps.rb +++ b/src/include/ftp-server/helps.rb @@ -184,18 +184,6 @@ def initialize_ftp_server_helps(_include_target) "If enabled, SSL connections are allowed.\n" \ "

\n" ), - # expert settings Enable SSL v2 help 1/1 - "SSLv2" => _( - "

Enable SSL v2
\n" \ - "If enabled, SSL version 2 connections are allowed.\n" \ - "

\n" - ), - # expert settings Enable SSL v3 help 1/1 - "SSLv3" => _( - "

Enable SSL v3
\n" \ - "If enabled, SSL version 3 connections are allowed.\n" \ - "

\n" - ), # expert settings Enable TLS help 1/1 "TLS" => _( "

Enable TLS
\n" \ diff --git a/src/include/ftp-server/wid_functions.rb b/src/include/ftp-server/wid_functions.rb index bef670c..e03e33b 100644 --- a/src/include/ftp-server/wid_functions.rb +++ b/src/include/ftp-server/wid_functions.rb @@ -947,14 +947,10 @@ def HandleSSLEnable(_key, event) event = deep_copy(event) value = Convert.to_boolean(UI.QueryWidget(Id("SSLEnable"), :Value)) if value - UI.ChangeWidget(Id("SSLv2"), :Enabled, true) - UI.ChangeWidget(Id("SSLv3"), :Enabled, true) UI.ChangeWidget(Id("TLS"), :Enabled, true) UI.ChangeWidget(Id("CertFile"), :Enabled, true) UI.ChangeWidget(Id("BrowseCertFile"), :Enabled, true) else - UI.ChangeWidget(Id("SSLv2"), :Enabled, false) - UI.ChangeWidget(Id("SSLv3"), :Enabled, false) UI.ChangeWidget(Id("TLS"), :Enabled, false) UI.ChangeWidget(Id("CertFile"), :Enabled, false) UI.ChangeWidget(Id("BrowseCertFile"), :Enabled, false) 
@@ -979,68 +975,6 @@ def StoreSSLEnable(_key, _event) nil end - # Init function of "Enable SSL v2" - # intfield - # - # also include handling enable/disable SSL - # handling checkboxframe - def InitSSLv2(_key) - UI.ChangeWidget( - Id("SSLv2"), - :Value, - FtpServer.ValueUIEdit("SSLv2") == "YES" - ) - UI.ChangeWidget( - Id("SSLEnable"), - :Value, - FtpServer.ValueUIEdit("SSLEnable") == "YES" - ) - - nil - end - - # Store function of "Enable SSL v2" - # save values to temporary structure - # - # also include handling value enable/disable passive mode - def StoreSSLv2(_key, _event) - FtpServer.WriteToEditMap( - "SSLv2", - Convert.to_boolean(UI.QueryWidget(Id("SSLv2"), :Value)) == true ? "YES" : "NO" - ) - FtpServer.WriteToEditMap( - "SSLEnable", - Convert.to_boolean(UI.QueryWidget(Id("SSLEnable"), :Value)) == true ? "YES" : "NO" - ) - - nil - end - - # Init function of "Enable SSL v3" - # intfield - # - def InitSSLv3(_key) - UI.ChangeWidget( - Id("SSLv3"), - :Value, - FtpServer.ValueUIEdit("SSLv3") == "YES" - ) - - nil - end - - # Store function of "Enable SSL v3" - # save value to temporary structure - # - def StoreSSLv3(_key, _event) - FtpServer.WriteToEditMap( - "SSLv3", - Convert.to_boolean(UI.QueryWidget(Id("SSLv3"), :Value)) == true ? "YES" : "NO" - ) - - nil - end - # Init function of "Enable TLS" # intfield # diff --git a/src/include/ftp-server/write_load.rb b/src/include/ftp-server/write_load.rb index 1895198..6c774b1 100644 --- a/src/include/ftp-server/write_load.rb +++ b/src/include/ftp-server/write_load.rb 
@@ -457,30 +457,6 @@ def ValueUI(key, write) Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_tlsv1")) : Ops.get(@DEFAULT_CONFIG, "TLS") end - when "SSLv2" - if write - Ops.set( - @VS_SETTINGS, - "ssl_sslv2", - Ops.get(@EDIT_SETTINGS, "SSLv2") - ) - else - return Builtins.haskey(@VS_SETTINGS, "ssl_sslv2") ? - Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_sslv2")) : - Ops.get(@DEFAULT_CONFIG, "SSLv2") - end - when "SSLv3" - if write - Ops.set( - @VS_SETTINGS, - "ssl_sslv3", - Ops.get(@EDIT_SETTINGS, "SSLv3") - ) - else - return Builtins.haskey(@VS_SETTINGS, "ssl_sslv3") ? - Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_sslv3")) : - Ops.get(@DEFAULT_CONFIG, "SSLv3") - end when "FTPUser" if write return "" diff --git a/src/modules/FtpServer.rb b/src/modules/FtpServer.rb index 434174f..ae75053 100644 --- a/src/modules/FtpServer.rb +++ b/src/modules/FtpServer.rb @@ -108,8 +108,6 @@ def main "StartXinetd", "PassiveMode", "CertFile", - "SSLv2", - "SSLv3", "VirtualUser", "FTPUser", "GuestUser", @@ -137,8 +135,6 @@ def main "AnonCreatDirs" => "NO", "Banner" => _("Welcome message"), "SSLEnable" => "NO", - "SSLv2" => "NO", # enable/disable SSL version 2 (vsftpd only) - "SSLv3" => "NO", # enable/disable SSL version 3 (vsftpd only) "TLS" => "YES", "AntiWarez" => "YES", "SSL" => "0", # 0 - disable SSL, 1-accept SSL