Hello community,

here is the log from the commit of package yast2-firewall for openSUSE:Factory 
checked in at 2020-10-26 16:13:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-firewall.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-firewall"

Mon Oct 26 16:13:04 2020 rev:87 rq:843567 version:4.3.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes    
2020-10-22 14:22:44.570775053 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-firewall.new.3463/yast2-firewall.changes  
2020-10-26 16:13:36.866788084 +0100
@@ -1,0 +2,8 @@
+Thu Oct 22 20:44:20 UTC 2020 - Josef Reidinger <jreidin...@suse.com>
+
+- Do not warn user about ssh key only authentication when
+  ssh port is closed, but firewall is disabled.
+  (bsc#1177953)
+- 4.3.8
+
+-------------------------------------------------------------------

Old:
----
  yast2-firewall-4.3.7.tar.bz2

New:
----
  yast2-firewall-4.3.8.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-firewall.spec ++++++
--- /var/tmp/diff_new_pack.cnZDj2/_old  2020-10-26 16:13:38.942789994 +0100
+++ /var/tmp/diff_new_pack.cnZDj2/_new  2020-10-26 16:13:38.950790002 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-firewall
-Version:        4.3.7
+Version:        4.3.8
 Release:        0
 Summary:        YaST2 - Firewall Configuration
 License:        GPL-2.0-only

++++++ yast2-firewall-4.3.7.tar.bz2 -> yast2-firewall-4.3.8.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-firewall-4.3.7/package/yast2-firewall.changes 
new/yast2-firewall-4.3.8/package/yast2-firewall.changes
--- old/yast2-firewall-4.3.7/package/yast2-firewall.changes     2020-10-19 
10:30:42.000000000 +0200
+++ new/yast2-firewall-4.3.8/package/yast2-firewall.changes     2020-10-23 
11:03:18.000000000 +0200
@@ -1,4 +1,12 @@
 -------------------------------------------------------------------
+Thu Oct 22 20:44:20 UTC 2020 - Josef Reidinger <jreidin...@suse.com>
+
+- Do not warn user about ssh key only authentication when
+  ssh port is closed, but firewall is disabled.
+  (bsc#1177953)
+- 4.3.8
+
+-------------------------------------------------------------------
 Fri Oct 16 15:15:49 UTC 2020 - Josef Reidinger <jreidin...@suse.com>
 
 - Do not enable firewall during first stage of AutoYaST
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-firewall-4.3.7/package/yast2-firewall.spec 
new/yast2-firewall-4.3.8/package/yast2-firewall.spec
--- old/yast2-firewall-4.3.7/package/yast2-firewall.spec        2020-10-19 
10:30:42.000000000 +0200
+++ new/yast2-firewall-4.3.8/package/yast2-firewall.spec        2020-10-23 
11:03:18.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-firewall
-Version:        4.3.7
+Version:        4.3.8
 Release:        0
 Summary:        YaST2 - Firewall Configuration
 Group:          System/YaST
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-firewall-4.3.7/src/lib/y2firewall/proposal_settings.rb 
new/yast2-firewall-4.3.8/src/lib/y2firewall/proposal_settings.rb
--- old/yast2-firewall-4.3.7/src/lib/y2firewall/proposal_settings.rb    
2020-10-19 10:30:42.000000000 +0200
+++ new/yast2-firewall-4.3.8/src/lib/y2firewall/proposal_settings.rb    
2020-10-23 11:03:18.000000000 +0200
@@ -126,9 +126,14 @@
     # @return [Boolean] true if the root user uses only public key
     #   authentication and the system is not accesible through ssh
     def access_problem?
+      # public key is not the only way
       return false unless only_public_key_auth
 
-      !(@open_ssh && @enable_sshd)
+      # without running sshd it is useless
+      return true unless @enable_sshd
+
+      # firewall is up and port for ssh is not open
+      @enable_firewall && !@open_ssh
     end
 
   private
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-firewall-4.3.7/test/lib/y2firewall/proposal_settings_test.rb 
new/yast2-firewall-4.3.8/test/lib/y2firewall/proposal_settings_test.rb
--- old/yast2-firewall-4.3.7/test/lib/y2firewall/proposal_settings_test.rb      
2020-10-19 10:30:42.000000000 +0200
+++ new/yast2-firewall-4.3.8/test/lib/y2firewall/proposal_settings_test.rb      
2020-10-23 11:03:18.000000000 +0200
@@ -209,28 +209,40 @@
 
   describe "#access_problem?" do
     let(:ssh_enabled) { true }
+    let(:firewall_enabled) { true }
     let(:ssh_open) { true }
     let(:only_ssh_key_auth) { true }
 
     before do
       subject.enable_sshd = ssh_enabled
+      subject.enable_firewall = firewall_enabled
       subject.open_ssh = ssh_open
       allow(subject).to 
receive(:only_public_key_auth).and_return(only_ssh_key_auth)
     end
 
     context "when the root user uses only SSH key based authentication" do
       context "when sshd is enabled" do
-        context "and the SSH port is open" do
-          it "returns false" do
-            expect(subject.access_problem?).to eql(false)
+        context "and firewall is enabled" do
+          context "and the SSH port is open" do
+            it "returns false" do
+              expect(subject.access_problem?).to eql(false)
+            end
+          end
+
+          context "and the SSH port is close" do
+            let(:ssh_open) { false }
+
+            it "returns true" do
+              expect(subject.access_problem?).to eql(true)
+            end
           end
         end
 
-        context "and the SSH port is close" do
-          let(:ssh_open) { false }
+        context "and firewall is disabled" do
+          let(:firewall_enabled) { false }
 
-          it "returns true" do
-            expect(subject.access_problem?).to eql(true)
+          it "returns false" do
+            expect(subject.access_problem?).to eql(false)
           end
         end
       end


Reply via email to