blob: 8bd3db5ac6ec14c98859e05c734cf6478f0ea628 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
--- scripts/zmupdate.pl.in.orig 2025-06-13 23:01:03 UTC
+++ scripts/zmupdate.pl.in
@@ -52,8 +52,6 @@ use version;
use strict;
use bytes;
use version;
-use Crypt::Eksblowfish::Bcrypt;
-use Data::Entropy::Algorithms qw(rand_bits);
# ==========================================================================
#
@@ -1035,6 +1033,18 @@ sub migratePasswords {
} # end sub patchDB
sub migratePasswords {
+ use Crypt::Eksblowfish::Bcrypt;
+ my $random;
+ eval {
+ require Bytes::Random::Secure;
+ $random = Bytes::Random::Secure->new( Bits => 16*8);
+ };
+ if ($@ or !$random) {
+ eval {
+ require Data::Entropy::Algorithms;
+ $random = Data::Entropy::Algorithms::rand_bits(16*8);
+ };
+ }
print ("Migratings passwords, if any...\n");
my $sql = 'SELECT * FROM `Users`';
my $sth = $dbh->prepare_cached($sql) or die( "Can't prepare '$sql': ".$dbh->errstr() );
@@ -1043,7 +1053,7 @@ sub migratePasswords {
my $scheme = substr($user->{Password}, 0, 1);
if ($scheme eq '*') {
print ('-->'.$user->{Username}." password will be migrated\n");
- my $salt = Crypt::Eksblowfish::Bcrypt::en_base64(rand_bits(16*8));
+ my $salt = Crypt::Eksblowfish::Bcrypt::en_base64($random);
my $settings = '$2a$10$'.$salt;
my $pass_hash = Crypt::Eksblowfish::Bcrypt::bcrypt($user->{Password},$settings);
my $new_pass_hash = '-ZM-'.$pass_hash;
|
