[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.11-25-g42e01bf

[Git repo owner]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.22.x has been updated
       via  42e01bf600f04fb0aa1de7e88794b355897740a3 (commit)
      from  db695c4aedbc6b9cb121dd7cacf9aa9e59180842 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 42e01bf600f04fb0aa1de7e88794b355897740a3
Author: Mason James <mtj at kohaaloha.com>
Date:   Wed Aug 3 16:32:00 2016 +1200

    Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default
    
    to test bug...
     1/ make a random user
     2/ change to random user
     3/ access any zebra database with random user and no authentication
     4/ read zebra database
    
    here is a transcript of the bug...
    ---------------------------
    root at xen1:~# adduser bob
    root at xen1:~# su -l bob
    
    bob at xen1:~$ cd /var/lib/koha
    bob at xen1:/var/lib/koha$ ls
    topsecret
    
    bob at xen1:/var/lib/koha$ yaz-client  unix:/var/run/koha/topsecret/bibliosocket
    Connecting...OK.
    Sent initrequest.
    Connection accepted by v3 target.
    ID     : 81
    Name   : Zebra Information Server/GFS/YAZ
    Version: 4.2.30 98864b44c654645bc16b2c54f822dc2e45a93031
    Options: search present delSet triggerResourceCtrl scan sort extendedServices namedResultSets
    Elapsed: 0.001002
    
    Z> base biblios;
    
    Z> find the
    Sent searchRequest.
    Received SearchResponse.
    Search was a success.
    Number of hits: 1130, setno 2
    SearchResult-1: term=the cnt=1130
    records returned: 0
    Elapsed: 0.005518
    
    Z> show
    Sent presentRequest (1+1).
    Records: 1
    [biblios]Record type: USmarc
    01824cam a2200397 a 4500
    001 000045782309
    003 AuCNLKIN
    005 20111013213222.0
    008 100707s2011    maua          001 0 e
    ...
    ---------------------------
    
    5/ apply changes to a Koha instance's config files, that you plan to test
    
    6/ restart zebra for instance
     # sudo koha-restart-zebra topsecret
    
    7/ repeat steps 2 and 3, but receive a 'bad user/passwd ' error from zebra
    
    bob at xen1:~$ yaz-client unix:/var/run/koha/topsecret/bibliosocket
    Connecting...OK.
    Sent initrequest.
    Connection rejected by v3 target.
        1: code=1011 (Init/AC: Bad Userid and/or Password),
    
    NOTE: this patch currently will only fixes newly created instances, it wont fix existing instances
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    
    Good catch Mason
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    
    Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
    (cherry picked from commit f2196a2e4f21a9a294c970a1ad067f5c3d1cb4eb)
    Signed-off-by: Frédéric Demians <f.demians at tamil.fr>
    (cherry picked from commit f3917fc8cb8c49bc85e7d371043cae8bd276063d)
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 etc/zebradb/zebra-authorities-dom.cfg |    2 +-
 etc/zebradb/zebra-authorities.cfg     |    2 +-
 etc/zebradb/zebra-biblios-dom.cfg     |    2 +-
 etc/zebradb/zebra-biblios.cfg         |    2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
main Koha release repository