Hello community, here is the log from the commit of package yast2-sshd for openSUSE:Factory checked in at Fri Jan 30 00:40:48 CET 2009. -------- --- yast2-sshd/yast2-sshd.changes 2008-12-10 18:13:00.000000000 +0100 +++ yast2-sshd/yast2-sshd.changes 2009-01-29 10:53:14.000000000 +0100 @@ -1,0 +2,14 @@ +Thu Jan 29 10:50:10 CET 2009 - locilka@suse.cz + +- Dropping possibility to adjust PasswordAuthentication option + as it has no or rather misleading effect (bnc #469207). +- 2.18.0 + +------------------------------------------------------------------- +Tue Dec 16 16:31:25 CET 2008 - locilka@suse.cz + +- Dialog buttons adapted to the current style guide. +- Better dialog layout. +- Added support for firewall tuning (bnc #396375). + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- yast2-sshd-2.17.0.tar.bz2 New: ---- yast2-sshd-2.18.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-sshd.spec ++++++ --- /var/tmp/diff_new_pack.L26307/_old 2009-01-30 00:37:49.000000000 +0100 +++ /var/tmp/diff_new_pack.L26307/_new 2009-01-30 00:37:49.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package yast2-sshd (Version 2.17.0) +# spec file for package yast2-sshd (Version 2.18.0) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,12 +19,12 @@ Name: yast2-sshd -Version: 2.17.0 -Release: 2 +Version: 2.18.0 +Release: 1 License: GPL v2 or later Group: System/YaST BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: yast2-sshd-2.17.0.tar.bz2 +Source0: yast2-sshd-2.18.0.tar.bz2 Prefix: /usr Requires: yast2 >= 2.16.41 BuildRequires: perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-testsuite @@ -42,7 +42,7 @@ Katarina Machalkova <kmachalkova@suse.cz> %prep -%setup -n yast2-sshd-2.17.0 +%setup -n yast2-sshd-2.18.0 %build %{prefix}/bin/y2tool y2autoconf @@ -77,6 +77,14 @@ /usr/share/YaST2/schema/autoyast/rnc/sshd_config.rnc %doc %{prefix}/share/doc/packages/yast2-sshd %changelog +* Thu Jan 29 2009 locilka@suse.cz +- Dropping possibility to adjust PasswordAuthentication option + as it has no or rather misleading effect (bnc #469207). +- 2.18.0 +* Tue Dec 16 2008 locilka@suse.cz +- Dialog buttons adapted to the current style guide. +- Better dialog layout. +- Added support for firewall tuning (bnc #396375). * Wed Dec 10 2008 locilka@suse.cz - Forgotten text marked for translation (bnc #450474). - Added missing functionality to add and remove supported ciphers ++++++ yast2-sshd-2.17.0.tar.bz2 -> yast2-sshd-2.18.0.tar.bz2 ++++++ ++++ 3432 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-sshd-2.17.0/configure.in new/yast2-sshd-2.18.0/configure.in --- old/yast2-sshd-2.17.0/configure.in 2008-04-16 12:56:12.000000000 +0200 +++ new/yast2-sshd-2.18.0/configure.in 2009-01-29 11:02:48.000000000 +0100 @@ -1,9 +1,9 @@ dnl configure.in for yast2-sshd dnl -dnl -- This file is generated by y2autoconf 2.16.7 - DO NOT EDIT! -- +dnl -- This file is generated by y2autoconf 2.17.6 - DO NOT EDIT! -- dnl (edit configure.in.in instead) -AC_INIT(yast2-sshd, 2.16.2, http://bugs.opensuse.org/, yast2-sshd) +AC_INIT(yast2-sshd, 2.18.0, http://bugs.opensuse.org/, yast2-sshd) dnl Check for presence of file 'RPMNAME' AC_CONFIG_SRCDIR([RPMNAME]) @@ -18,7 +18,7 @@ AM_INIT_AUTOMAKE(tar-ustar -Wno-portability) dnl Important YaST2 variables -VERSION="2.16.2" +VERSION="2.18.0" RPMNAME="yast2-sshd" MAINTAINER="Lukas Ocilka <locilka@suse.cz>" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-sshd-2.17.0/src/complex.ycp new/yast2-sshd-2.18.0/src/complex.ycp --- old/yast2-sshd-2.17.0/src/complex.ycp 2007-11-16 20:44:46.000000000 +0100 +++ new/yast2-sshd-2.18.0/src/complex.ycp 2009-01-29 10:47:56.000000000 +0100 @@ -74,33 +74,43 @@ */ void InitCipherTable () { - list <string> wrk = Sshd::GetDefaultSSHDOption("Cipher"); - list <string> defaults = splitstring(wrk[0]:"",","); - list <string> ciphers = []; - list <term> default_items = []; - list <term> items = []; - - if (defaults != nil && defaults != []) { - foreach (string cipher, defaults,{ - items = add (items, `item(`id(cipher), cipher)); - }); - //For combo box - list all supported c's - UI::ChangeWidget(`id("supported_ciphers"), `Items, default_items); - - - foreach (string cipher, ciphers,{ - items = add (items, `item(`id(cipher), cipher)); - }); - - UI::ChangeWidget(`id("Ciphers"),`Items, items); - UI::ChangeWidget(`id("add_cipher"), `Enabled, true); - UI::ChangeWidget(`id("remove_cipher"), `Enabled, true); - } - else { - UI::ChangeWidget(`id("Ciphers"),`Items,defaults); - UI::ChangeWidget(`id("Ciphers"),`Items, []); - UI::ChangeWidget(`id("remove_cipher"), `Enabled, false); - } + list <string> tmp_list = Sshd::GetDefaultSSHDOption ("Ciphers"); + list <string> defaults = sort (splitstring (tmp_list[0]:"", ", ")); + + tmp_list = Sshd::GetSSHDOption ("Ciphers"); + list <string> current_ciphers = sort (splitstring (tmp_list[0]:"", ", ")); + + // nil must have been set before + // it says the item should be removed from config and use the 'default' settings + if (tmp_list == nil) + current_ciphers = defaults; + + // ciphers to enable + list <term> combobox_items = []; + // all enabled ciphers + list <term> table_items = []; + + // all default (known) ciphers + foreach (string cipher, defaults, { + // cipher is enabled + if (contains (current_ciphers, cipher)) { + table_items = add (table_items, `item (`id (cipher), cipher)); + // cipher is disabled + } else { + combobox_items = add (combobox_items, `item (`id (cipher), cipher)); + } + }); + + UI::ChangeWidget (`id ("supported_ciphers"), `Items, combobox_items); + UI::ChangeWidget (`id ("Ciphers"), `Items, table_items); + + // some cipher(s) are allowed -> allow removing them + UI::ChangeWidget (`id ("remove_cipher"), `Enabled, (table_items != nil && size (table_items) > 0)); + UI::ChangeWidget (`id ("Ciphers"), `Enabled, (table_items != nil && size (table_items) > 0)); + + // some cipher(s) are not allowed -> allow adding them + UI::ChangeWidget (`id ("add_cipher"), `Enabled, (table_items != nil && size (combobox_items) > 0)); + UI::ChangeWidget (`id ("supported_ciphers"), `Enabled, (table_items != nil && size (combobox_items) > 0)); } /* @@ -141,7 +151,7 @@ UI::ChangeWidget(`id("MaxAuthTries"), `Value, MaxAuthTries[0]:"0"); foreach (string key, ["PrintMotd", "PermitRootLogin", - "PasswordAuthentication", "RSAAuthentication", "PubkeyAuthentication"], { + /* "PasswordAuthentication", BNC #469207 */ "RSAAuthentication", "PubkeyAuthentication"], { UI::ChangeWidget(`id(key), `Value, (Sshd::GetSSHDOption(key) == ["yes"])); }); } @@ -277,14 +287,56 @@ symbol HandleProtocolConfigurationDialog (string id, map event) { any action = event["ID"]:nil; + list <string> tmp_list = Sshd::GetSSHDOption ("Ciphers"); + + // nil must have been set before + // it says the item should be removed from config and use the 'default' settings + if (tmp_list == nil) + tmp_list = Sshd::GetDefaultSSHDOption ("Ciphers"); + + list <string> ciphers = sort (splitstring (tmp_list[0]:"", ", ")); + list <string> backup = ciphers; + if (action == "remove_cipher") { - // FIXME - y2error ("Removing ciphers not yet supported"); + string cipher_to_remove = (string) UI::QueryWidget (`id ("Ciphers"), `CurrentItem); + if (Confirm::Delete (cipher_to_remove)) { + y2milestone ("Removing: %1", cipher_to_remove); + + ciphers = filter (string one_cipher, ciphers, { + return (one_cipher != cipher_to_remove); + }); + } } else if (action == "add_cipher") { string cipher_to_add = (string) UI::QueryWidget (`id ("supported_ciphers"), `Value); - // FIXME - y2error ("Adding ciphers not yet supported"); + y2milestone ("Adding: %1", cipher_to_add); + + if (cipher_to_add != nil) { + ciphers = toset (add (ciphers, cipher_to_add)); + } + } + + // Nothing has changed + if (ciphers == backup) { + return nil; + } + + if (ciphers != nil) { + list <string> tmp_list = Sshd::GetDefaultSSHDOption ("Ciphers"); + list <string> defaults = sort (splitstring (tmp_list[0]:"", ", ")); + + // the default ciphers -> remove the entry completely + if (ciphers == defaults) { + Sshd::SetSSHDOption ("Ciphers", nil); + } else { + Sshd::SetSSHDOption ("Ciphers", [mergestring (ciphers, ",")]); + } + } else { + y2error ("Ciphers: %1", ciphers); } + + InitCipherTable(); + + return nil; } /** @@ -301,7 +353,7 @@ // Stores all boolean values and turns them to the "yes"/"no" notation foreach (string key, ["PrintMotd", "PermitRootLogin", - "PasswordAuthentication", "RSAAuthentication", "PubkeyAuthentication"], { + /* "PasswordAuthentication", BNC #469207 */ "RSAAuthentication", "PubkeyAuthentication"], { Sshd::SetSSHDOption( key, [ (((boolean) UI::QueryWidget(`id(key), `Value) == true) ? "yes":"no") ] diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-sshd-2.17.0/src/dialogs.ycp new/yast2-sshd-2.18.0/src/dialogs.ycp --- old/yast2-sshd-2.17.0/src/dialogs.ycp 2008-12-03 15:37:40.000000000 +0100 +++ new/yast2-sshd-2.18.0/src/dialogs.ycp 2009-01-29 10:48:01.000000000 +0100 @@ -29,7 +29,7 @@ } term ServerConfigurationDialogContent () { - return `MarginBox (mbox_x, mbox_y, `VBox ( + return `VBox ( `Left(`Label(_("SSHD TCP Ports"))), `Left( `VBox ( @@ -46,82 +46,87 @@ `PushButton(`id("delete_port"), _("&Delete")) )), `VSpacing(1), - `MarginBox (mbox_x, mbox_y, `Frame ( + `Frame ( /* a dialog frame caption */ _("Server Features"), - `VBox ( + `MarginBox (mbox_x, mbox_y, `VBox ( /* a check box */ `Left(`CheckBox(`id("AllowTcpForwarding"), _("Allow &TCP Forwarding"))), /* a check box */ `Left(`CheckBox(`id("X11Forwarding"), _("Allow &X11 Forwarding"))), /* a check box */ `Left(`CheckBox(`id("Compression"), _("Allow &Compression"))) - ) - )), + )) + ), + `VSpacing(1), + "fw", `VStretch() ) ) - )); + ); } term LoginSettingsDialogContent () { - return `MarginBox (mbox_x, mbox_y, `VBox( + return `VBox ( `Frame ( _("General Login Settings"), - `VBox ( + `MarginBox (mbox_x, mbox_y, `VBox ( /* A check box */ `Left(`CheckBox(`id("PrintMotd"), _("Print &Message of the Day After Login"))), /* A check box */ `Left(`CheckBox(`id("PermitRootLogin"), _("Permi&t Root Login"))) - ) + )) ), `VSpacing(1), `Frame ( _("Authentication Settings"), - `VBox ( + `MarginBox (mbox_x, mbox_y, `VBox ( /* A text entry */ `Left(`InputField(`id("MaxAuthTries"), _("Ma&ximum Authentication Tries"))), - /* A check box */ - `Left(`CheckBox (`id("PasswordAuthentication"), _("Pa&ssword Authentication"))), + +// BNC #469207 +// /* A check box */ +// `Left(`CheckBox (`id("PasswordAuthentication"), _("Pa&ssword Authentication"))), + /* A check box */ `Left(`CheckBox (`id("RSAAuthentication"), _("RSA Authenti&cation"))), /* A check box */ `Left(`CheckBox (`id("PubkeyAuthentication"), _("Public &Key Authentication"))) - ) + )) ), `VStretch() - )); + ); } term ProtoAndCipherDialogContent () { - return `MarginBox (mbox_x, mbox_y, `VBox ( + return `VBox ( `Frame( _("Supported SSH protocol versions"), `RadioButtonGroup (`id(`rb), - `VBox( + `MarginBox (mbox_x, mbox_y, `VBox( `Left(`RadioButton (`id("SSHv21"), _("&2 and 1"))), `Left(`RadioButton (`id("SSHv2"), _("2 &only"))), `Left(`RadioButton (`id("SSHv1"), _("&1 only"))) - ) + )) ) ), `HBox( `VBox( `Left(`ComboBox(`id("supported_ciphers"), _("&Supported Ciphers"),[])), - `Table(`id("Ciphers"), `header("Cipher"), []) + `Table(`id("Ciphers"), `header(_("Cipher")), []) ), `HSquash( `VBox ( `VSpacing( 1.1 ), `PushButton ( `id ( "add_cipher" ), `opt ( `hstretch ), " " + Label::AddButton() + " "), - `PushButton ( `id ( "remove_cipher" ), `opt ( `hstretch ), " " + Label::RemoveButton() + " "), + `PushButton ( `id ( "remove_cipher" ), `opt ( `hstretch ), " " + Label::DeleteButton() + " "), `Empty(`opt(`vstretch)) ) ) ), `VStretch() - )); + ); } } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-sshd-2.17.0/src/Sshd.ycp new/yast2-sshd-2.18.0/src/Sshd.ycp --- old/yast2-sshd-2.17.0/src/Sshd.ycp 2008-04-15 11:06:18.000000000 +0200 +++ new/yast2-sshd-2.18.0/src/Sshd.ycp 2009-01-29 10:47:59.000000000 +0100 @@ -20,6 +20,7 @@ import "Popup"; import "SCR"; import "Mode"; +import "SuSEFirewall"; /** * Data was modified? @@ -60,10 +61,11 @@ "PermitRootLogin" : ["yes"], "IgnoreUserKnownHosts" : ["no"], "MaxAuthTries" : ["6"], - "PasswordAuthentication" : ["yes"], + // BNC #469207 + // "PasswordAuthentication" : ["yes"], "RSAAuthentication" : ["no"], "PubkeyAuthentication" : ["yes"], - "Cipher" : ["aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr"], + "Ciphers" : ["aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr"], ]; /** @@ -223,18 +225,22 @@ /* SSHD read dialog caption */ string caption = _("Initializing the SSHD Configuration"); - integer steps = 2; + integer steps = 3; Progress::New( caption, " ", steps, [ - /* Progress stage 1/2 */ + /* Progress stage 1 */ _("Read the current SSHD configuration"), - /* Progress stage 2/2 */ - _("Read the current SSHD state") + /* Progress stage 2 */ + _("Read the current SSHD state"), + /* Progress stage 3 */ + _("Read firewall settings") ], [ - /* Progress step 1/2 */ + /* Progress step 1 */ _("Reading the current SSHD configuration..."), - /* Progress step 2/2 */ + /* Progress step 2 */ _("Reading the current SSHD state..."), + /* Progress step 3 */ + _("Reading firewall settings..."), /* Progress finished */ Message::Finished() ], @@ -256,6 +262,14 @@ sleep(sl); if (PollAbort()) return false; + Progress::NextStep(); + boolean progress_state = Progress::set (false); + /* Error message */ + if(!SuSEFirewall::Read()) Report::Error(_("Cannot read firewall settings.")); + Progress::set (progress_state); + sleep(sl); + + if (PollAbort()) return false; Progress::NextStage (); sleep(sl); @@ -272,18 +286,22 @@ /* SSHD read dialog caption */ string caption = _("Saving the SSHD Configuration"); - integer steps = 2; + integer steps = 3; Progress::New(caption, " ", steps, [ - /* Progress stage 1/2 */ + /* Progress stage 1 */ _("Write the SSHD settings"), - /* Progress stage 2/2 */ - _("Adjust the SSHD service") + /* Progress stage 2 */ + _("Adjust the SSHD service"), + /* Progress stage 3 */ + _("Write firewall settings") ], [ - /* Progress step 1/2 */ + /* Progress step 1 */ _("Writing the SSHD settings..."), - /* Progress step 2/2 */ + /* Progress step 2 */ _("Adjusting the SSHD service..."), + /* Progress step 3 */ + _("Writing firewall settings..."), Message::Finished() ], "" @@ -303,6 +321,14 @@ if(!WriteSSHDService()) Report::Error (Message::CannotAdjustService("sshd")); sleep(sl); + if(PollAbort()) return false; + Progress::NextStage (); + boolean progress_state = Progress::set (false); + /* Error message */ + if(!SuSEFirewall::Write()) Report::Error(_("Cannot write firewall settings.")); + Progress::set (progress_state); + sleep(sl); + Progress::NextStage (); sleep(sl); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-sshd-2.17.0/src/wizards.ycp new/yast2-sshd-2.18.0/src/wizards.ycp --- old/yast2-sshd-2.17.0/src/wizards.ycp 2007-11-16 20:34:34.000000000 +0100 +++ new/yast2-sshd-2.18.0/src/wizards.ycp 2008-12-16 17:51:11.000000000 +0100 @@ -13,6 +13,7 @@ import "Wizard"; import "CWM"; import "CWMTab"; +import "CWMFirewallInterfaces"; include "sshd/complex.ycp"; include "sshd/dialogs.ycp"; @@ -47,12 +48,16 @@ "init" : InitProtocolConfigurationDialog, "store" : StoreProtocolConfigurationDialog, ], + "fw" : CWMFirewallInterfaces::CreateOpenFirewallWidget ($[ + "services" : [ "service:sshd" ], + "display_details" : true, + ]), ]; map <string, any> tabs = $[ "server_configuration" : $[ "header" : _("&General"), - "widget_names" : ["sc"], + "widget_names" : ["sc", "fw"], "contents" : ServerConfigurationDialogContent(), ], "login_settings" : $[ @@ -88,9 +93,10 @@ contents, "", Label::BackButton (), - Label::FinishButton() + Label::OKButton() ); - Wizard::DisableBackButton (); + Wizard::HideBackButton (); + Wizard::SetAbortButton(`abort, Label::CancelButton()); Wizard::SetTitleIcon("yast-sshd"); return CWM::Run (w, $[`abort : ReallyExit]); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-sshd-2.17.0/VERSION new/yast2-sshd-2.18.0/VERSION --- old/yast2-sshd-2.17.0/VERSION 2008-12-03 15:38:59.000000000 +0100 +++ new/yast2-sshd-2.18.0/VERSION 2009-01-29 10:49:59.000000000 +0100 @@ -1 +1 @@ -2.17.0 +2.18.0 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org