/[smecontribs]/rpms/smeserver-phpmyadmin/contribs10/smeserver-phpmyadmin-4.0.10.2-bz11043-add-blowfishsecret.patch
ViewVC logotype

Annotation of /rpms/smeserver-phpmyadmin/contribs10/smeserver-phpmyadmin-4.0.10.2-bz11043-add-blowfishsecret.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Thu Dec 17 12:53:37 2020 UTC (3 years, 11 months ago) by jcrisp
Branch: MAIN
CVS Tags: smeserver-phpmyadmin-4_0_10_2-8_el7_sme, smeserver-phpmyadmin-4_0_10_2-14_el7_sme, smeserver-phpmyadmin-4_0_10_2-12_el7_sme, smeserver-phpmyadmin-4_0_10_2-10_el7_sme, smeserver-phpmyadmin-4_0_10_2-9_el7_sme, smeserver-phpmyadmin-4_0_10_2-13_el7_sme, smeserver-phpmyadmin-4_0_10_2-11_el7_sme, smeserver-phpmyadmin-4_0_10_2-7_el7_sme, HEAD
* Thu Dec 17 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 4.0.10.2-7.sme
- fix BlowfishSecret [SME: 11043]
- Update minimum e-smith release version

1 jcrisp 1.1 diff -ruN smeserver-phpmyadmin-4.0.10.2.old/root/etc/e-smith/db/configuration/migrate/addBlowfishSecret smeserver-phpmyadmin-4.0.10.2/root/etc/e-smith/db/configuration/migrate/addBlowfishSecret
2     --- smeserver-phpmyadmin-4.0.10.2.old/root/etc/e-smith/db/configuration/migrate/addBlowfishSecret 1970-01-01 01:00:00.000000000 +0100
3     +++ smeserver-phpmyadmin-4.0.10.2/root/etc/e-smith/db/configuration/migrate/addBlowfishSecret 2020-12-17 13:09:21.438411194 +0100
4     @@ -0,0 +1,32 @@
5     +{
6     + my $rec = $DB->get('phpmyadmin')
7     + || $DB->new_record('phpmyadmin', {type => 'configuration'});
8     + my $pw = $rec->prop('BlowfishSecret');
9     + if (not $pw or length($pw) < 57){
10     + my $pw = gen_pw();
11     + $rec->set_prop('BlowfishSecret', $pw);
12     + }
13     +
14     + sub gen_pw {
15     + use MIME::Base64 qw(encode_base64);
16     + my $p = "not set due to error";
17     + if ( open( RANDOM, "/dev/urandom" ) ){
18     + my $buf;
19     + # 57 bytes is a full line of Base64 coding, and contains
20     + # 456 bits of randomness - given a perfectly random /dev/random
21     + if ( read( RANDOM, $buf, 57 ) != 57 ){
22     + warn("Short read from /dev/random: $!");
23     + }
24     + else{
25     + $p = encode_base64($buf);
26     + chomp $p;
27     + }
28     + close RANDOM;
29     + }
30     + else{
31     + warn "Could not open /dev/urandom: $!";
32     + }
33     + return $p;
34     + }
35     +}
36     +
37     diff -ruN smeserver-phpmyadmin-4.0.10.2.old/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/20Directory smeserver-phpmyadmin-4.0.10.2/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/20Directory
38     --- smeserver-phpmyadmin-4.0.10.2.old/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/20Directory 2020-12-17 13:07:51.412987062 +0100
39     +++ smeserver-phpmyadmin-4.0.10.2/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/20Directory 2020-12-17 13:20:49.843313557 +0100
40     @@ -13,7 +13,6 @@
41     */
42     $cfg['PmaNoRelation_DisableWarning'] = TRUE;
43    
44     -
45     -
46     -
47     -
48     +{
49     + $OUT .= "\$cfg['blowfish_secret'] = '$phpmyadmin{'BlowfishSecret'}';/* YOU MUST FILL IN THIS FOR COOKIE AUTH! */\n"
50     +}

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed