diff --git a/.travis.yml b/.travis.yml index 8d3d4cd..9e44e3e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,9 @@ services: before_install: - docker build -t yast-ftp-server-image . + # list the installed packages (just for easier debugging) + - docker run --rm -it yast-ftp-server-image rpm -qa | sort + script: # the "yast-travis-ruby" script is included in the base yastdevel/ruby image # see https://github.com/yast/docker-yast-ruby/blob/master/yast-travis-ruby diff --git a/Dockerfile b/Dockerfile index 99e10f1..5dbf145 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,2 @@ FROM yastdevel/ruby:sle15 COPY . /usr/src/app - diff --git a/package/yast2-ftp-server.changes b/package/yast2-ftp-server.changes index afb7f01..c713ac0 100644 --- a/package/yast2-ftp-server.changes +++ b/package/yast2-ftp-server.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jun 7 09:22:47 UTC 2018 - jreidinger@suse.com + +- Drop SSLv2 and SSLv3 as it is dropped for security reason for + vsftpd (bsc#921303) + ------------------------------------------------------------------- Fri Apr 20 13:34:41 UTC 2018 - knut.anderssen@suse.com diff --git a/src/autoyast-rnc/ftp-server.rnc b/src/autoyast-rnc/ftp-server.rnc index 2374eb1..47a9acb 100644 --- a/src/autoyast-rnc/ftp-server.rnc +++ b/src/autoyast-rnc/ftp-server.rnc @@ -28,8 +28,6 @@ ftp-server = element SSL { text }? & element StartXinetd { text }? & element StartDaemon { text }? & - element SSLv2 { text }? & - element SSLv3 { text }? & element PassiveMode { text }? & element CertFile { text }? & element VirtualUser { text }? & @@ -37,4 +35,4 @@ ftp-server = element GuestUser { text }? & element EnableUpload { text }? -} \ No newline at end of file +} diff --git a/src/clients/ftp-server.rb b/src/clients/ftp-server.rb index 6168180..8f16441 100644 --- a/src/clients/ftp-server.rb +++ b/src/clients/ftp-server.rb 
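Review bot: The `docker run --rm -it yast-ftp-server-image rpm -qa | sort` step added to `before_install` does not need `-it`, because the command is non-interactive. Allocating a TTY makes the container emit CRLF line endings and fold stderr into the piped output, and on a runner without a terminal the step would fail outright. Because the pipeline's exit status is that of `sort`, a failing `docker run` would also go unnoticed and leave an empty listing. I would write it as `- docker run --rm yast-ftp-server-image rpm -qa | sort`. The listing itself is worth keeping: the Dockerfile builds from the floating `yastdevel/ruby:sle15` tag, so this output is the only record in the build log of which package versions were actually tested.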
@@ -180,22 +180,6 @@ def main ), "example" => ["SSL enable", "SSL disable"] }, - "SSLv2" => { - "handler" => fun_ref(method(:FTPdCMDSSLv2), "boolean (map)"), - # TRANSLATORS: CommandLine help - "help" => _( - "If enabled, this option will permit SSL v2 protocol connections (vsftpd only)." - ), - "example" => ["SSLv2 enable", "SSLv2 disable"] - }, - "SSLv3" => { - "handler" => fun_ref(method(:FTPdCMDSSLv3), "boolean (map)"), - # TRANSLATORS: CommandLine help - "help" => _( - "If enabled, this option will permit SSL v3 protocol connections (vsftpd only)." - ), - "example" => ["SSLv3 enable", "SSLv3 disable"] - }, "TLS" => { "handler" => fun_ref(method(:FTPdCMDTLS), "boolean (map)"), # TRANSLATORS: CommandLine help @@ -352,8 +336,6 @@ def main "anon_access" => ["can_upload", "create_dirs"], "welcome_message" => ["set_message"], "SSL" => ["enable", "disable"], - "SSLv2" => ["enable", "disable"], - "SSLv3" => ["enable", "disable"], "TLS" => ["enable", "disable"] } } @@ -548,18 +530,6 @@ def FTPdCMDShow(_options) CommandLine.Print(_("SSL is enabled")) end - if Ops.get(FtpServer.EDIT_SETTINGS, "SSLv2") != "YES" - CommandLine.Print(_("SSL version 2 is disabled")) - else - CommandLine.Print(_("SSL version 2 is enabled")) - end - - if Ops.get(FtpServer.EDIT_SETTINGS, "SSLv3") != "YES" - CommandLine.Print(_("SSL version 3 is disabled")) - else - CommandLine.Print(_("SSL version 3 is enabled")) - end - if Ops.get(FtpServer.EDIT_SETTINGS, "TLS") != "YES" CommandLine.Print(_("TLS is disabled")) else 
@@ -982,28 +952,6 @@ def FTPdCMDTLS(options) CommonHandlerCheckBox(options, "TLS connections:", true, "TLS", "TLS") end - def FTPdCMDSSLv2(options) - options = deep_copy(options) - CommonHandlerCheckBox( - options, - "SSL version 2 connections:", - true, - "SSLv2", - "SSL version 2" - ) - end - - def FTPdCMDSSLv3(options) - options = deep_copy(options) - CommonHandlerCheckBox( - options, - "SSL version 3 connections:", - true, - "SSLv3", - "SSL version 3" - ) - end - def FTPdCMDAntiwarez(options) options = deep_copy(options) CommonHandlerCheckBox( diff --git a/src/include/ftp-server/dialogs.rb b/src/include/ftp-server/dialogs.rb index 845f94e..0d86925 100644 --- a/src/include/ftp-server/dialogs.rb +++ b/src/include/ftp-server/dialogs.rb @@ -57,8 +57,6 @@ def wid_handling_vsftpd "PasMinPort" => PasMinPort(), "PasMaxPort" => PasMaxPort(), "SSLEnable" => SSLEnable(), - "SSLv2" => SSLv2(), - "SSLv3" => SSLv3(), "TLS" => TLS(), "CertFile" => CertFile(), "BrowseCertFile" => BrowseCertFile(), 
@@ -877,59 +875,6 @@ def SSLEnable deep_copy(result) end - # Enable SSL v2 - # Expert Settings widget - # - # @return [Hash{String => Object}] map for Expert screen - def SSLv2 - result = {} - - Ops.set(result, "label", _("&Enable SSL v2")) - Ops.set(result, "widget", :checkbox) - Ops.set(result, "opt", [:notify]) - Ops.set(result, "init", fun_ref(method(:InitSSLv2), "void (string)")) - Ops.set( - result, - "handle", - fun_ref(method(:HandleUniversal), "symbol (string, map)") - ) - Ops.set( - result, - "store", - fun_ref(method(:StoreSSLv2), "void (string, map)") - ) - Ops.set(result, "help", DialogHelpText("SSLv2")) - - deep_copy(result) - end - - # Enable SSL v3 - # Expert Settings widget - # - # @return [Hash{String => Object}] map for Expert screen - - def SSLv3 - result = {} - - Ops.set(result, "label", _("Enable SSL &v3")) - Ops.set(result, "widget", :checkbox) - Ops.set(result, "opt", [:notify]) - Ops.set(result, "init", fun_ref(method(:InitSSLv3), "void (string)")) - Ops.set( - result, - "handle", - fun_ref(method(:HandleUniversal), "symbol (string, map)") - ) - Ops.set( - result, - "store", - fun_ref(method(:StoreSSLv3), "void (string, map)") - ) - Ops.set(result, "help", DialogHelpText("SSLv3")) - - deep_copy(result) - end - # Enable TLS # Expert Settings widget # @@ -1359,8 +1304,6 @@ def addit_settings HBox( HSpacing(2), VBox( - Left("SSLv2"), # end of `Left(`HBox( - Left("SSLv3"), Left("TLS"), Left(HBox("CertFile", VBox(Label(""), "BrowseCertFile"))) ) @@ -1384,8 +1327,6 @@ def addit_settings "Firewall", "PasMinPort", "PasMaxPort", - "SSLv2", - "SSLv3", "TLS", "CertFile", "BrowseCertFile", diff --git a/src/include/ftp-server/helps.rb b/src/include/ftp-server/helps.rb index 49e820f..c80bbdb 100644 --- a/src/include/ftp-server/helps.rb +++ b/src/include/ftp-server/helps.rb @@ -184,18 +184,6 @@ def initialize_ftp_server_helps(_include_target) "If enabled, SSL connections are allowed.\n" \ "
\n" ), - # expert settings Enable SSL v2 help 1/1 - "SSLv2" => _( - "Enable SSL v2
\n" \
- "If enabled, SSL version 2 connections are allowed.\n" \
- "
Enable SSL v3
\n" \
- "If enabled, SSL version 3 connections are allowed.\n" \
- "
Enable TLS
\n" \
diff --git a/src/include/ftp-server/wid_functions.rb b/src/include/ftp-server/wid_functions.rb
index bef670c..e03e33b 100644
--- a/src/include/ftp-server/wid_functions.rb
+++ b/src/include/ftp-server/wid_functions.rb
@@ -947,14 +947,10 @@ def HandleSSLEnable(_key, event)
event = deep_copy(event)
value = Convert.to_boolean(UI.QueryWidget(Id("SSLEnable"), :Value))
if value
- UI.ChangeWidget(Id("SSLv2"), :Enabled, true)
- UI.ChangeWidget(Id("SSLv3"), :Enabled, true)
UI.ChangeWidget(Id("TLS"), :Enabled, true)
UI.ChangeWidget(Id("CertFile"), :Enabled, true)
UI.ChangeWidget(Id("BrowseCertFile"), :Enabled, true)
else
- UI.ChangeWidget(Id("SSLv2"), :Enabled, false)
- UI.ChangeWidget(Id("SSLv3"), :Enabled, false)
UI.ChangeWidget(Id("TLS"), :Enabled, false)
UI.ChangeWidget(Id("CertFile"), :Enabled, false)
UI.ChangeWidget(Id("BrowseCertFile"), :Enabled, false)
@@ -979,68 +975,6 @@ def StoreSSLEnable(_key, _event)
nil
end
- # Init function of "Enable SSL v2"
- # intfield
- #
- # also include handling enable/disable SSL
- # handling checkboxframe
- def InitSSLv2(_key)
- UI.ChangeWidget(
- Id("SSLv2"),
- :Value,
- FtpServer.ValueUIEdit("SSLv2") == "YES"
- )
- UI.ChangeWidget(
- Id("SSLEnable"),
- :Value,
- FtpServer.ValueUIEdit("SSLEnable") == "YES"
- )
-
- nil
- end
-
- # Store function of "Enable SSL v2"
- # save values to temporary structure
- #
- # also include handling value enable/disable passive mode
- def StoreSSLv2(_key, _event)
- FtpServer.WriteToEditMap(
- "SSLv2",
- Convert.to_boolean(UI.QueryWidget(Id("SSLv2"), :Value)) == true ? "YES" : "NO"
- )
- FtpServer.WriteToEditMap(
- "SSLEnable",
- Convert.to_boolean(UI.QueryWidget(Id("SSLEnable"), :Value)) == true ? "YES" : "NO"
- )
-
- nil
- end
-
- # Init function of "Enable SSL v3"
- # intfield
- #
- def InitSSLv3(_key)
- UI.ChangeWidget(
- Id("SSLv3"),
- :Value,
- FtpServer.ValueUIEdit("SSLv3") == "YES"
- )
-
- nil
- end
-
- # Store function of "Enable SSL v3"
- # save value to temporary structure
- #
- def StoreSSLv3(_key, _event)
- FtpServer.WriteToEditMap(
- "SSLv3",
- Convert.to_boolean(UI.QueryWidget(Id("SSLv3"), :Value)) == true ? "YES" : "NO"
- )
-
- nil
- end
-
# Init function of "Enable TLS"
# intfield
#
diff --git a/src/include/ftp-server/write_load.rb b/src/include/ftp-server/write_load.rb
index 1895198..6c774b1 100644
--- a/src/include/ftp-server/write_load.rb
+++ b/src/include/ftp-server/write_load.rb
@@ -457,30 +457,6 @@ def ValueUI(key, write)
Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_tlsv1")) :
Ops.get(@DEFAULT_CONFIG, "TLS")
end
- when "SSLv2"
- if write
- Ops.set(
- @VS_SETTINGS,
- "ssl_sslv2",
- Ops.get(@EDIT_SETTINGS, "SSLv2")
- )
- else
- return Builtins.haskey(@VS_SETTINGS, "ssl_sslv2") ?
- Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_sslv2")) :
- Ops.get(@DEFAULT_CONFIG, "SSLv2")
- end
- when "SSLv3"
- if write
- Ops.set(
- @VS_SETTINGS,
- "ssl_sslv3",
- Ops.get(@EDIT_SETTINGS, "SSLv3")
- )
- else
- return Builtins.haskey(@VS_SETTINGS, "ssl_sslv3") ?
- Builtins.toupper(Ops.get(@VS_SETTINGS, "ssl_sslv3")) :
- Ops.get(@DEFAULT_CONFIG, "SSLv3")
- end
when "FTPUser"
if write
return ""
diff --git a/src/modules/FtpServer.rb b/src/modules/FtpServer.rb
index 434174f..ae75053 100644
--- a/src/modules/FtpServer.rb
+++ b/src/modules/FtpServer.rb
@@ -108,8 +108,6 @@ def main
"StartXinetd",
"PassiveMode",
"CertFile",
- "SSLv2",
- "SSLv3",
"VirtualUser",
"FTPUser",
"GuestUser",
@@ -137,8 +135,6 @@ def main
"AnonCreatDirs" => "NO",
"Banner" => _("Welcome message"),
"SSLEnable" => "NO",
- "SSLv2" => "NO", # enable/disable SSL version 2 (vsftpd only)
- "SSLv3" => "NO", # enable/disable SSL version 3 (vsftpd only)
"TLS" => "YES",
"AntiWarez" => "YES",
"SSL" => "0", # 0 - disable SSL, 1-accept SSL