[koha-commits] main Koha release repository branch master updated. v3.12.00-beta1-1210-gbdec967

Git repo owner gitmaster at git.koha-community.org
Fri Oct 4 02:03:54 CEST 2013 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  bdec9673bf2cafcbdd8a6edcef4f085fcdd68071 (commit)
       via  d17bdf26dda4aaa7cbde2951fc373df871ac74a8 (commit)
       via  419af5db00c31eb93f915b9cebdd06e5ca4775ca (commit)
       via  e23e8166f19128e8cfe16a631ddee6ea0c59187c (commit)
       via  4159e55a1a01bb1407a9dc3220676021f24eda67 (commit)
       via  12643aa745e3d7a49c4a42e3e5fed4e6910e12a2 (commit)
       via  328a285575e0c6069665439cd7ab16142984fac6 (commit)
       via  7d5cf5b7e925a1e376d530f86a79673d892ac7df (commit)
       via  4be177c1aebe852a77efff451875c083092312c8 (commit)
       via  2e390f09f7960040f080645183630c3c99c5c564 (commit)
       via  f2162a86b06c3338cde69b5a8ccf393c724c1e78 (commit)
      from  88936cb5245b854d5396d5bca0a9719a9a9bd1cc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bdec9673bf2cafcbdd8a6edcef4f085fcdd68071
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Thu Oct 3 23:41:17 2013 +0000

    Bug 9611: (follow-up) add libcrypt-eksblowfish-perl to debian/control
    
    (Not strictly necessary, but since we haven't removed
     debian/control yet...)
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit d17bdf26dda4aaa7cbde2951fc373df871ac74a8
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Thu Oct 3 22:31:45 2013 +0000

    Bug 9611: DBRev 3.13.00.023
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 419af5db00c31eb93f915b9cebdd06e5ca4775ca
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Thu Oct 3 22:24:04 2013 +0000

    bug 9611: (follow-up) add reference to Crypt::Eksblowfish::Bcrypt in POD
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit e23e8166f19128e8cfe16a631ddee6ea0c59187c
Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Date:   Sat Sep 28 20:45:04 2013 -0300

    Bug 9611: (follow-up) fix POD
    
    Small patch to make koha-qa happy.
    Fixes small POD error
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 4159e55a1a01bb1407a9dc3220676021f24eda67
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date:   Sun Feb 17 08:22:07 2013 +1300

    Bug 9611: Database update, changing password from varchar(30) to varchar(60)
    
    This is necessary because Bcrypt hashes are longer than MD5 hashes.
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Signed-off-by: Mason James <mtj at kohaaloha.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 12643aa745e3d7a49c4a42e3e5fed4e6910e12a2
Author: Srdjan <srdjan at catalyst.net.nz>
Date:   Mon Aug 26 17:01:20 2013 +1200

    bug 9611: use checkpw_hash() instead of md5 hash for SIP2 logins
    
    Test:
    
    * SIP: Have an old user and create a new user
    - use either tenet sip test or
      C4/SIP/interactive_patron_check_password.pl to check old
      userid/password
    - do the same for the new user
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Work as described
    
    Test
    1) using perl C4/SIP/interactive_patron_check_password.pl
    can check current (short) and new (long) passwords
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 328a285575e0c6069665439cd7ab16142984fac6
Author: Srdjan <srdjan at catalyst.net.nz>
Date:   Fri Aug 23 20:02:53 2013 +1200

    bug 9611: use hash_password() and checkpw_* for LDAP logins instead of md5 hash
    
    Test:
    
    * LDAP:
    - Turn on LDAP auth in koha-config.xml. Set "update" in your server config to 1
    - Change user's password on LDAP
    - Login to Koha using LDAP - Koha password should be updated, to check
    - Turn off LDAP auth in koha-config.xml
    - You should be ble to log in with the new password
    
    I do not have a LDAP facility, so I cheated. I ran
    perl -e 'use C4::Auth_with_ldap; C4::Auth_with_ldap::_do_changepassword("srdjan", 1000022259, "srdjan");'
    and was able to change the password.
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Work as described.
    
    Test
    1) change <useldapserver> to 1
    2) copy/paste sample <ldapserver> config from perldoc C4/Auth_with_ldap
    3) using sample script was able to change password,
    use (userid, borrowernumber, newpass) as arguments
    4) checked with OPAC and in database
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 7d5cf5b7e925a1e376d530f86a79673d892ac7df
Author: Srdjan <srdjan at catalyst.net.nz>
Date:   Mon Aug 26 17:05:07 2013 +1200

    bug 9611: (follow-up) remove md5_base64 from imports - not used
    
    RM note: Digest::MD5 is used in C4::ImportExportFramework as part
    of an unnecessary reimplementation of functionality supplied by
    File::Temp.  See bug 10991 for a proposal to remove it.
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 4be177c1aebe852a77efff451875c083092312c8
Author: Srdjan <srdjan at catalyst.net.nz>
Date:   Mon Aug 26 16:29:10 2013 +1200

    bug 9611: Extract checkpw_internal() and checkpw_hash() from checkpw()
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit 2e390f09f7960040f080645183630c3c99c5c564
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date:   Sun Feb 17 08:32:46 2013 +1300

    Bug 9611: add Crypt::Eksblowfish::Bcrypt to list of Perl dependencies
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Signed-off-by: Mason James <mtj at kohaaloha.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit f2162a86b06c3338cde69b5a8ccf393c724c1e78
Author: Srikanth Dhondi <srikanth at catalyst.net.nz>
Date:   Wed Feb 13 14:40:02 2013 +1300

    Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt
    
    What this patch aims to accomplish?
    
     * All new passwords are stored as Bcrypt-hashes
     * For password verification:
         - If the user was created before this patch was applied then use
            MD5 to hash the entered password <-- backwards compatibility
         - If the user was created after this patch was applied then use
           Bcrypt to hash the entered password
     * Any password change made via the staff interface or the OPAC will
       be automatically Bcrypt-hashed; this applies to old users whose
       passwords were stored as MD5 hashes previously
    
    Test plan:
      1) Add new users and check whether their passwords are stored as
         Bcrypt hashes or not.
      2) To test that authentication works for both old as well as new
         users:
           a) Login as an existing user whose password is stored as a
              MD5 hash
           b) Login as an existing user whose password is stored as a
              Bcrypt hash
      3) In the staff interface, change the password of an existing user
         whose password is stored as an MD5 hash
    	a) Check the new password is stored as a Bcrypt-hash in the database
    	b) Try to login with the new password
      4) In the OPAC, verify that
        a) Old user with old pass can change password, new format
        b) New user with new pass can change password
        c) Old and new user with self-updated pass can login
    
    Whitespace cleanup was contributed by  Bernardo Gonzalez Kriegel.
    
    Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
    Signed-off-by: Mason James <mtj at kohaaloha.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Auth.pm                             |  132 +++++++++++++++++++++++++++++---
 C4/Auth_with_ldap.pm                   |   64 ++++++++--------
 C4/ImportExportFramework.pm            |    2 +-
 C4/Installer/PerlDependencies.pm       |    5 ++
 C4/Members.pm                          |   35 ++-------
 C4/SIP/ILS/Patron.pm                   |   14 ++--
 debian/control                         |    1 +
 installer/data/mysql/kohastructure.sql |    2 +-
 installer/data/mysql/updatedatabase.pl |    7 ++
 kohaversion.pl                         |    2 +-
 members/member-password.pl             |    2 +-
 opac/opac-passwd.pl                    |   13 +++-
 12 files changed, 195 insertions(+), 84 deletions(-)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list