[koha-commits] main Koha release repository branch master updated. v16.05.00-460-g86144a6
Git repo owner
gitmaster at git.koha-community.org
Wed Aug 10 15:23:06 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via 86144a65e0a674c80737f31dcc81f984dd4744e5 (commit)
via 0fe7a4aa8e168f173835ddf54cddff898830a270 (commit)
via 523d0be9dc795a676aae907736394e64e33350a3 (commit)
from 09d0b1310bda677b6939b59ea8a68f84e2ec93f6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 86144a65e0a674c80737f31dcc81f984dd4744e5
Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Date: Fri Jul 29 12:35:22 2016 +0200
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Marc <veron at veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 0fe7a4aa8e168f173835ddf54cddff898830a270
Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Date: Thu Jul 21 08:48:01 2016 +0200
Bug 16929: [QA Follow-up] Shortcut methods and use statements
Resolves the following comments:
I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Marc <veron at veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 523d0be9dc795a676aae907736394e64e33350a3
Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Date: Fri Jul 15 14:16:07 2016 +0200
Bug 16929: Prevent opac-memberentry waiting for random chars
Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.
Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.
Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron at veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
-----------------------------------------------------------------------
Summary of changes:
C4/Installer/PerlDependencies.pm | 5 ++
Koha/Token.pm | 182 ++++++++++++++++++++++++++++++++++++++
opac/opac-memberentry.pl | 25 ++++--
t/Token.t | 45 ++++++++++
4 files changed, 251 insertions(+), 6 deletions(-)
create mode 100644 Koha/Token.pm
create mode 100644 t/Token.t
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list