diff -ruN smeserver-phpmyadmin-4.0.10.2.old/root/etc/e-smith/db/configuration/migrate/addBlowfishSecret smeserver-phpmyadmin-4.0.10.2/root/etc/e-smith/db/configuration/migrate/addBlowfishSecret --- smeserver-phpmyadmin-4.0.10.2.old/root/etc/e-smith/db/configuration/migrate/addBlowfishSecret 1970-01-01 01:00:00.000000000 +0100 +++ smeserver-phpmyadmin-4.0.10.2/root/etc/e-smith/db/configuration/migrate/addBlowfishSecret 2020-12-17 13:09:21.438411194 +0100 @@ -0,0 +1,32 @@ +{ + my $rec = $DB->get('phpmyadmin') + || $DB->new_record('phpmyadmin', {type => 'configuration'}); + my $pw = $rec->prop('BlowfishSecret'); + if (not $pw or length($pw) < 57){ + my $pw = gen_pw(); + $rec->set_prop('BlowfishSecret', $pw); + } + + sub gen_pw { + use MIME::Base64 qw(encode_base64); + my $p = "not set due to error"; + if ( open( RANDOM, "/dev/urandom" ) ){ + my $buf; + # 57 bytes is a full line of Base64 coding, and contains + # 456 bits of randomness - given a perfectly random /dev/random + if ( read( RANDOM, $buf, 57 ) != 57 ){ + warn("Short read from /dev/random: $!"); + } + else{ + $p = encode_base64($buf); + chomp $p; + } + close RANDOM; + } + else{ + warn "Could not open /dev/urandom: $!"; + } + return $p; + } +} + diff -ruN smeserver-phpmyadmin-4.0.10.2.old/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/20Directory smeserver-phpmyadmin-4.0.10.2/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/20Directory --- smeserver-phpmyadmin-4.0.10.2.old/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/20Directory 2020-12-17 13:07:51.412987062 +0100 +++ smeserver-phpmyadmin-4.0.10.2/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/20Directory 2020-12-17 13:20:49.843313557 +0100 @@ -13,7 +13,6 @@ */ $cfg['PmaNoRelation_DisableWarning'] = TRUE; - - - - +{ + $OUT .= "\$cfg['blowfish_secret'] = '$phpmyadmin{'BlowfishSecret'}';/* YOU MUST FILL IN THIS FOR COOKIE AUTH! */\n" +}