ecd5b3f323
Changelogs: https://github.com/vrana/adminer/releases/tag/v5.4.0 https://github.com/vrana/adminer/releases/tag/v5.4.1 - Patch crypto keys to be generated using OS-provided PRNG rather than a timestamp. - Patch passwords to be encrypted with aes256-gcm rather than xxtea. - Add 5 additonal plugins. - Also mark this expired due to an obvious reason, these issues that patched here will likely never be fixed upstream. - And there are 3 CVEs (not affected code in port however, because related parts isn't included), which have been unfixed for an extended period: https://nvd.nist.gov/vuln/detail/CVE-2023-45195 https://nvd.nist.gov/vuln/detail/CVE-2023-45196 https://nvd.nist.gov/vuln/detail/CVE-2023-45197 PR: 290365
12 lines
327 B
PHP
12 lines
327 B
PHP
--- adminer/include/functions.inc.php.orig 2025-10-19 12:05 UTC
|
|
+++ adminer/include/functions.inc.php
|
|
@@ -761,7 +761,7 @@
|
|
* @return string 32 hexadecimal characters
|
|
*/
|
|
function rand_string(): string {
|
|
- return md5(uniqid(strval(mt_rand()), true));
|
|
+ return bin2hex(random_bytes(32));
|
|
}
|
|
|
|
/** Format value to use in select
|