[koha-commits] main Koha release repository branch 3.22.x updated. v3.22.11-25-g42e01bf
Git repo owner
gitmaster at git.koha-community.org
Mon Oct 24 11:43:57 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.22.x has been updated
via 42e01bf600f04fb0aa1de7e88794b355897740a3 (commit)
from db695c4aedbc6b9cb121dd7cacf9aa9e59180842 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 42e01bf600f04fb0aa1de7e88794b355897740a3
Author: Mason James <mtj at kohaaloha.com>
Date: Wed Aug 3 16:32:00 2016 +1200
Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default
to test bug...
1/ make a random user
2/ change to random user
3/ access any zebra database with random user and no authentication
4/ read zebra database
here is a transcript of the bug...
---------------------------
root at xen1:~# adduser bob
root at xen1:~# su -l bob
bob at xen1:~$ cd /var/lib/koha
bob at xen1:/var/lib/koha$ ls
topsecret
bob at xen1:/var/lib/koha$ yaz-client unix:/var/run/koha/topsecret/bibliosocket
Connecting...OK.
Sent initrequest.
Connection accepted by v3 target.
ID : 81
Name : Zebra Information Server/GFS/YAZ
Version: 4.2.30 98864b44c654645bc16b2c54f822dc2e45a93031
Options: search present delSet triggerResourceCtrl scan sort extendedServices namedResultSets
Elapsed: 0.001002
Z> base biblios;
Z> find the
Sent searchRequest.
Received SearchResponse.
Search was a success.
Number of hits: 1130, setno 2
SearchResult-1: term=the cnt=1130
records returned: 0
Elapsed: 0.005518
Z> show
Sent presentRequest (1+1).
Records: 1
[biblios]Record type: USmarc
01824cam a2200397 a 4500
001 000045782309
003 AuCNLKIN
005 20111013213222.0
008 100707s2011 maua 001 0 e
...
---------------------------
5/ apply changes to a Koha instance's config files, that you plan to test
6/ restart zebra for instance
# sudo koha-restart-zebra topsecret
7/ repeat steps 2 and 3, but receive a 'bad user/passwd ' error from zebra
bob at xen1:~$ yaz-client unix:/var/run/koha/topsecret/bibliosocket
Connecting...OK.
Sent initrequest.
Connection rejected by v3 target.
1: code=1011 (Init/AC: Bad Userid and/or Password),
NOTE: this patch currently will only fixes newly created instances, it wont fix existing instances
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Good catch Mason
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan at bywatersolutions.com>
(cherry picked from commit f2196a2e4f21a9a294c970a1ad067f5c3d1cb4eb)
Signed-off-by: Frédéric Demians <f.demians at tamil.fr>
(cherry picked from commit f3917fc8cb8c49bc85e7d371043cae8bd276063d)
Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
-----------------------------------------------------------------------
Summary of changes:
etc/zebradb/zebra-authorities-dom.cfg | 2 +-
etc/zebradb/zebra-authorities.cfg | 2 +-
etc/zebradb/zebra-biblios-dom.cfg | 2 +-
etc/zebradb/zebra-biblios.cfg | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list