- remove srand initialization based on current time!!!

author Elan Ruusamäe <glen@pld-linux.org>

Fri, 6 Jul 2012 15:26:26 +0000 (15:26 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author Elan Ruusamäe <glen@pld-linux.org>
Fri, 6 Jul 2012 15:26:26 +0000 (15:26 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/do-not-screw-with-random-seed.patch b/do-not-screw-with-random-seed.patch

new file mode 100644 (file)

index 0000000..6e6d6ba
--- /dev/null
+++ b/do-not-screw-with-random-seed.patch
@@ -0,0 +1,32 @@
+DO NOT SCREW WITH RANDOM SEED
+
+Do not initialize the seed with srand or mt_srand, it is already initialized
+since PHP 4.2.0 (See the docs). And if you initialize it with time or microtime
+you make it only more worse (predictable).
+
+And initializing random seed with predictable value is extremely stupid.
+
+I had situation that three machines simulatenously produced temporary directory
+names based on random generator, and they all got same results, this is utterly
+screwed up up the application!
+
+Jul  6 10:37:26 segusilm php.fcgi: PHP Fatal error:  Uncaught exception 'Exception' with message 'Can't mkdir '/tmp/foo_UZNHCMUDWZ/archive': mkdir(): File exists' in /usr/share/foo/lib/plugins/Plugin.php:127
+Jul  6 10:37:26 lordi php.fcgi: PHP Warning:  unlink(/tmp/foo_UZNHCMUDWZ/archive/title.inc): No such file or directory in /usr/share/foo/lib/helper/OutputHelper.php on line 68
+
+it is strongly recommended for PHP application developers to keep their fingers
+away from srand() or mt_srand() and to never ever use rand() or mt_rand() for
+cryptographic secrets:
+http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
+
+--- php-pecl-solr-1.0.2/php_solr.c~    2011-11-29 04:50:07.000000000 +0200
++++ php-pecl-solr-1.0.2/php_solr.c     2012-07-06 18:15:25.730180032 +0300
+@@ -1082,9 +1082,6 @@
+       /* Always NULL. Kept for API backward compatibility purposes only */
+       hash_func_t pHashFunction    = NULL;
+ 
+-      /* initialize random seed */
+-      srand(time(NULL));
+-
+       ALLOC_HASHTABLE(SOLR_GLOBAL(documents));
+       ALLOC_HASHTABLE(SOLR_GLOBAL(clients));
+       ALLOC_HASHTABLE(SOLR_GLOBAL(params));
diff --git a/php-pecl-solr.spec b/php-pecl-solr.spec

index eb4ca420b7b0959381e15234dab51d230d7da32d..066e377b5ae12150cf6452aa678db72511704d3e 100644 (file)
--- a/php-pecl-solr.spec
+++ b/php-pecl-solr.spec
@@ -7,12 +7,13 @@ Summary:      Object oriented API to Apache Solr
  Summary(fr.UTF-8):     API orientée objet pour Apache Solr
  Name:          php-pecl-solr
  Version:       1.0.2
-Release:       1
+Release:       2
  License:       PHP
  Group:         Development/Languages
  URL:           http://pecl.php.net/package/solr
  Source0:       http://pecl.php.net/get/%{modname}-%{version}.tgz
  # Source0-md5: 1632144b462ab22b91d03e4d59704fab
+Patch0:                do-not-screw-with-random-seed.patch
  BuildRequires: curl-devel
  BuildRequires: libxml2-devel >= 1:2.6.16
  %{?with_tests:BuildRequires:   php-curl}
@@ -70,6 +71,8 @@ mv %{modname}-%{version}/* .
  # avoid 1970 dates in doc
  find -newer TODO -o -print | xargs touch --reference %{SOURCE0}
  
+%patch0 -p1
+
  %build
  packagexml2cl package.xml > ChangeLog
author	Elan Ruusamäe <glen@pld-linux.org>
	Fri, 6 Jul 2012 15:26:26 +0000 (15:26 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
do-not-screw-with-random-seed.patch	[new file with mode: 0644]	patch \| blob
php-pecl-solr.spec		patch \| blob \| blame \| history