From ecd5b3f3237d3cb36694edb8f870ef25c4e50cd6 Mon Sep 17 00:00:00 2001
From: Paavo-Einari Kaipila
Date: Fri, 14 Nov 2025 14:45:34 +0300
Subject: databases/adminer: Update 5.3.0 => 5.4.1, deprecate
Changelogs:
https://github.com/vrana/adminer/releases/tag/v5.4.0
https://github.com/vrana/adminer/releases/tag/v5.4.1
- Patch crypto keys to be generated using OS-provided PRNG rather than a timestamp.
- Patch passwords to be encrypted with aes256-gcm rather than xxtea.
- Add 5 additonal plugins.
- Also mark this expired due to an obvious reason, these issues that patched here will likely never be fixed upstream.
- And there are 3 CVEs (not affected code in port however, because related parts isn't included), which have been unfixed for an extended period:
https://nvd.nist.gov/vuln/detail/CVE-2023-45195
https://nvd.nist.gov/vuln/detail/CVE-2023-45196
https://nvd.nist.gov/vuln/detail/CVE-2023-45197
PR: 290365
---
.../adminer/files/patch-adminer_include_functions.inc.php | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 databases/adminer/files/patch-adminer_include_functions.inc.php
(limited to 'databases/adminer/files/patch-adminer_include_functions.inc.php')
diff --git a/databases/adminer/files/patch-adminer_include_functions.inc.php b/databases/adminer/files/patch-adminer_include_functions.inc.php
new file mode 100644
index 000000000000..fa627837460a
--- /dev/null
+++ b/databases/adminer/files/patch-adminer_include_functions.inc.php
@@ -0,0 +1,11 @@
+--- adminer/include/functions.inc.php.orig 2025-10-19 12:05 UTC
++++ adminer/include/functions.inc.php
+@@ -761,7 +761,7 @@
+ * @return string 32 hexadecimal characters
+ */
+ function rand_string(): string {
+- return md5(uniqid(strval(mt_rand()), true));
++ return bin2hex(random_bytes(32));
+ }
+
+ /** Format value to use in select
-- cgit v1.2.3
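Review bot: The replacement `bin2hex(random_bytes(32))` returns 64 hexadecimal characters, while the docblock kept as context directly above `rand_string()` still promises `@return string 32 hexadecimal characters`, which is what the removed `md5(...)` call produced. The callers are outside this hunk, so it is unverified whether anything stores, compares or truncates the value on the assumption of 32 characters. To keep the documented contract and still draw from the OS CSPRNG, use `return bin2hex(random_bytes(16));` (128 bits, 32 hex characters); if 256 bits is intended, extend the patch context so the docblock reads `@return string 64 hexadecimal characters`. Note also that `random_bytes()` throws when no secure entropy source is available, which fails closed rather than falling back to a weak value; the docblock begins above the hunk, so a matching `@throws` line would have to be added there.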