[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #32 from Mason James--- Pushed to 16.05.x, for 16.05.09 release -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Mason Jameschanged: What|Removed |Added Blocks||17905 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Mason Jameschanged: What|Removed |Added CC||m...@kohaaloha.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Blocks||17109 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17109 [Bug 17109] sendbasket: Remove second authentication, add CSRF token -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Mirko Tietgenchanged: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=17084 --- Comment #31 from Mirko Tietgen --- The corresponding control file update is at bug 17084: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17084#c1 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Kyle M Hallchanged: What|Removed |Added Status|Passed QA |Pushed to Master CC||k...@bywatersolutions.com --- Comment #30 from Kyle M Hall --- Pushed to master for 16.11, thanks Marcel! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Blocks||17097 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Blocks||17096 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #29 from Marcel de Rooy--- Rebased last patch for Dependencies.pm (trivial) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Attachment #54154|0 |1 is obsolete|| --- Comment #28 from Marcel de Rooy --- Created attachment 54216 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54216=edit Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure Signed-off-by: Marcel de Rooy Signed-off-by: Marc Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Attachment #54144|0 |1 is obsolete|| --- Comment #26 from Jonathan Druart --- Created attachment 54153 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54153=edit Bug 16929: [QA Follow-up] Shortcut methods and use statements Resolves the following comments: I'd prefer to see a generate_csrf method than a CSRF flag. It'd be better to use instead of require the 2 modules. Signed-off-by: Marcel de Rooy Signed-off-by: Marc Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Attachment #54143|0 |1 is obsolete|| --- Comment #25 from Jonathan Druart --- Created attachment 54152 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54152=edit Bug 16929: Prevent opac-memberentry waiting for random chars Move calls to WWW::CSRF to Koha::Token. Send a safe random string to WWW::CSRF instead of letting CSRF make a blocking call to Bytes::Random::Secure. If your server has not enough entropy, opac-memberentry will hang waiting for more characters in dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking flag. Test plan: [1] Do not yet apply this patch. [2] If your server has not enough entropy, calling opac-memberentry may take a while. But this not may be the case for you (no worries). [3] Apply this patch. [4] Verify that opac-memberentry still works as expected. [5] Run t/Token.t Signed-off-by: Marcel de Rooy Yes, my server had entropy trouble (reason for finding the problem). This patch resolves the delay. Tested all 3 patches together, works as expected. Signed-off-by: Marc Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Attachment #54151|0 |1 is obsolete|| --- Comment #27 from Jonathan Druart --- Created attachment 54154 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54154=edit Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure Signed-off-by: Marcel de Rooy Signed-off-by: Marc Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #24 from Mirko Tietgen--- (In reply to Jonathan Druart from comment #21) > Marcel, why did you choose 0.29? 0.28 is packaged for jessie. > > I also think that we need to fill debian/control for new deps. > Mirko, could you confirm that you expect from devs to update it? In theory, yes. but since the file is supposed to be generated, not edited manually, and it will clash with other bugs with dependencies, I think it's easier if I do it once something got pushed. I'm working on automating that. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Status|Failed QA |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Attachment #54145|0 |1 is obsolete|| --- Comment #23 from Marcel de Rooy --- Created attachment 54151 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54151=edit Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure Signed-off-by: Marcel de Rooy Signed-off-by: Marc -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #22 from Marcel de Rooy--- (In reply to Jonathan Druart from comment #21) > Marcel, why did you choose 0.29? 0.28 is packaged for jessie. > > I also think that we need to fill debian/control for new deps. > Mirko, could you confirm that you expect from devs to update it? I would say that the PM edits debian/control, not individual devs .. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Status|Signed Off |Failed QA --- Comment #21 from Jonathan Druart --- Marcel, why did you choose 0.29? 0.28 is packaged for jessie. I also think that we need to fill debian/control for new deps. Mirko, could you confirm that you expect from devs to update it? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marc Véronchanged: What|Removed |Added CC||ve...@veron.ch Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marc Véronchanged: What|Removed |Added Attachment #54142|0 |1 is obsolete|| --- Comment #20 from Marc Véron --- Created attachment 54145 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54145=edit Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure Signed-off-by: Marcel de Rooy Signed-off-by: Marc -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marc Véronchanged: What|Removed |Added Attachment #54141|0 |1 is obsolete|| --- Comment #19 from Marc Véron --- Created attachment 54144 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54144=edit Bug 16929: [QA Follow-up] Shortcut methods and use statements Resolves the following comments: I'd prefer to see a generate_csrf method than a CSRF flag. It'd be better to use instead of require the 2 modules. Signed-off-by: Marcel de Rooy Signed-off-by: Marc -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marc Véronchanged: What|Removed |Added Attachment #54140|0 |1 is obsolete|| --- Comment #18 from Marc Véron --- Created attachment 54143 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54143=edit Bug 16929: Prevent opac-memberentry waiting for random chars Move calls to WWW::CSRF to Koha::Token. Send a safe random string to WWW::CSRF instead of letting CSRF make a blocking call to Bytes::Random::Secure. If your server has not enough entropy, opac-memberentry will hang waiting for more characters in dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking flag. Test plan: [1] Do not yet apply this patch. [2] If your server has not enough entropy, calling opac-memberentry may take a while. But this not may be the case for you (no worries). [3] Apply this patch. [4] Verify that opac-memberentry still works as expected. [5] Run t/Token.t Signed-off-by: Marcel de Rooy Yes, my server had entropy trouble (reason for finding the problem). This patch resolves the delay. Tested all 3 patches together, works as expected. Signed-off-by: Marc -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #17 from Marcel de Rooy--- Rebased for opac-memberentry and Dependencies.pm -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Attachment #53552|0 |1 is obsolete|| --- Comment #15 from Marcel de Rooy --- Created attachment 54141 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54141=edit Bug 16929: [QA Follow-up] Shortcut methods and use statements Resolves the following comments: I'd prefer to see a generate_csrf method than a CSRF flag. It'd be better to use instead of require the 2 modules. Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Attachment #53809|0 |1 is obsolete|| --- Comment #16 from Marcel de Rooy --- Created attachment 54142 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54142=edit Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Attachment #53487|0 |1 is obsolete|| --- Comment #14 from Marcel de Rooy --- Created attachment 54140 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54140=edit Bug 16929: Prevent opac-memberentry waiting for random chars Move calls to WWW::CSRF to Koha::Token. Send a safe random string to WWW::CSRF instead of letting CSRF make a blocking call to Bytes::Random::Secure. If your server has not enough entropy, opac-memberentry will hang waiting for more characters in dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking flag. Test plan: [1] Do not yet apply this patch. [2] If your server has not enough entropy, calling opac-memberentry may take a while. But this not may be the case for you (no worries). [3] Apply this patch. [4] Verify that opac-memberentry still works as expected. [5] Run t/Token.t Signed-off-by: Marcel de Rooy Yes, my server had entropy trouble (reason for finding the problem). This patch resolves the delay. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Mirko Tietgenchanged: What|Removed |Added Keywords|nowheezy| --- Comment #13 from Mirko Tietgen --- libbytes-random-secure-perl is in the Koha stable and olstable repositories now. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #12 from Mirko Tietgen--- > It actually came with WWW::CSRF. It loads Bytes::Random::Secure. Is there a > package for that one? If it is used directly, I think it should be in PerlDependencies. There is no package for WWW:CSRF in Wheezy. I created packages for it and dependencies for the unstable branch for bug 16591. https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16591#c7 I did not get any feedback regarding Wheezy so far and did not have time to try it myself, so I have not added them to oldstable yet. > Will add a follow-up for B::R::S Thanks! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #11 from Marcel de Rooy--- Created attachment 53809 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=53809=edit Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #10 from Marcel de Rooy--- (In reply to Mirko Tietgen from comment #9) > Bytes::Random::Secure should be added to PerlDependencies.pm. > > libbytes-random-secure-perl is not available for Debian Wheezy. It actually came with WWW::CSRF. It loads Bytes::Random::Secure. Is there a package for that one? Will add a follow-up for B::R::S -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Mirko Tietgenchanged: What|Removed |Added Keywords||dependency, nowheezy CC||mi...@abunchofthings.net --- Comment #9 from Mirko Tietgen --- Bytes::Random::Secure should be added to PerlDependencies.pm. libbytes-random-secure-perl is not available for Debian Wheezy. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Blocks||16993 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Jonathan Druartchanged: What|Removed |Added Blocks||16992 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=16960 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #8 from Marcel de Rooy--- Created attachment 53552 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=53552=edit Bug 16929: [QA Follow-up] Shortcut methods and use statements Resolves the following comments: I'd prefer to see a generate_csrf method than a CSRF flag. It'd be better to use instead of require the 2 modules. Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #7 from Jonathan Druart--- (In reply to Marcel de Rooy from comment #6) > The require is just performance: no need to load it for general use. It's not recommended. For instance if the module is missing of buggy, we want to know it at the compilation step. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #6 from Marcel de Rooy--- (In reply to Jonathan Druart from comment #5) > I'd prefer to see a generate_csrf method than a CSRF flag. > It'd be better to use instead of require the 2 modules. Well, we could add generate_csrf of course. The flag on itself is kind of a shortcut for type => $type. The require is just performance: no need to load it for general use. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #5 from Jonathan Druart--- I'd prefer to see a generate_csrf method than a CSRF flag. It'd be better to use instead of require the 2 modules. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #4 from Marcel de Rooy--- Latest patch always uses Bytes::Random::Secure and does not eval/alarm as in the concept. Includes a test. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added CC||jonathan.dru...@bugs.koha-c ||ommunity.org, ||ro...@kallisti.net.nz -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=16591 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Attachment #53418|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Patch complexity|--- |Small patch Status|ASSIGNED|Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 --- Comment #3 from Marcel de Rooy--- Created attachment 53487 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=53487=edit Bug 16929: Prevent opac-memberentry waiting for random chars Move calls to WWW::CSRF to Koha::Token. Send a safe random string to WWW::CSRF instead of letting CSRF make a blocking call to Bytes::Random::Secure. If your server has not enough entropy, opac-memberentry will hang waiting for more characters in dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking flag. Test plan: [1] Do not yet apply this patch. [2] If your server has not enough entropy, calling opac-memberentry may take a while. But this not may be the case for you (no worries). [3] Apply this patch. [4] Verify that opac-memberentry still works as expected. [5] Run t/Token.t Signed-off-by: Marcel de Rooy Yes, my server had entropy trouble (reason for finding the problem). This patch resolves the delay. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929 Marcel de Rooychanged: What|Removed |Added Summary|Wrapper around CSRF call? |Prevent opac-memberentry ||waiting for random chars -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/