Author: glen
Date: Fri Jul 6 15:26:31 2012 GMT
Module: packages
Tag: HEAD
---- Log message:
- remove srand initialization based on current time!!!
---- Files affected: packages/php-pecl-solr: php-pecl-solr.spec (1.4 -> 1.5) , do-not-screw-with-random-seed.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/php-pecl-solr/php-pecl-solr.spec diff -u packages/php-pecl-solr/php-pecl-solr.spec:1.4 packages/php-pecl-solr/php-pecl-solr.spec:1.5 --- packages/php-pecl-solr/php-pecl-solr.spec:1.4 Sun May 6 18:15:39 2012 +++ packages/php-pecl-solr/php-pecl-solr.spec Fri Jul 6 17:26:26 2012 @@ -8,12 +8,13 @@ Summary(fr.UTF-8): API orientée objet pour Apache Solr Name: php-pecl-solr Version: 1.0.2 -Release: 1 +Release: 2 License: PHP Group: Development/Languages URL: http://pecl.php.net/package/solr Source0: http://pecl.php.net/get/%{modname}-%{version}.tgz # Source0-md5: 1632144b462ab22b91d03e4d59704fab +Patch0: do-not-screw-with-random-seed.patch BuildRequires: curl-devel BuildRequires: libxml2-devel >= 1:2.6.16 %{?with_tests:BuildRequires: php-curl} @@ -71,6 +72,8 @@ # avoid 1970 dates in doc find -newer TODO -o -print | xargs touch --reference %{SOURCE0} +%patch0 -p1 + %build packagexml2cl package.xml > ChangeLog @@ -115,6 +118,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.5 2012/07/06 15:26:26 glen +- remove srand initialization based on current time!!! + Revision 1.4 2012/05/06 16:15:39 glen - up to 1.0.2 ================================================================ Index: packages/php-pecl-solr/do-not-screw-with-random-seed.patch diff -u /dev/null packages/php-pecl-solr/do-not-screw-with-random-seed.patch:1.1 --- /dev/null Fri Jul 6 17:26:31 2012 +++ packages/php-pecl-solr/do-not-screw-with-random-seed.patch Fri Jul 6 17:26:26 2012 
@@ -0,0 +1,32 @@ +DO NOT SCREW WITH RANDOM SEED + +Do not initialize the seed with srand or mt_srand, it is already initialized +since PHP 4.2.0 (See the docs). And if you initialize it with time or microtime +you make it only more worse (predictable). + +And initializing random seed with predictable value is extremely stupid. + +I had situation that three machines simulatenously produced temporary directory +names based on random generator, and they all got same results, this is utterly +screwed up up the application! + +Jul 6 10:37:26 segusilm php.fcgi: PHP Fatal error: Uncaught exception 'Exception' with message 'Can't mkdir '/tmp/foo_UZNHCMUDWZ/archive': mkdir(): File exists' in /usr/share/foo/lib/plugins/Plugin.php:127 +Jul 6 10:37:26 lordi php.fcgi: PHP Warning: unlink(/tmp/foo_UZNHCMUDWZ/archive/title.inc): No such file or directory in /usr/share/foo/lib/helper/OutputHelper.php on line 68 + +it is strongly recommended for PHP application developers to keep their fingers +away from srand() or mt_srand() and to never ever use rand() or mt_rand() for +cryptographic secrets: +http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ + +--- php-pecl-solr-1.0.2/php_solr.c~ 2011-11-29 04:50:07.000000000 +0200 ++++ php-pecl-solr-1.0.2/php_solr.c 2012-07-06 18:15:25.730180032 +0300 +@@ -1082,9 +1082,6 @@ + /* Always NULL. Kept for API backward compatibility purposes only */ + hash_func_t pHashFunction = NULL; + +- /* initialize random seed */ +- srand(time(NULL)); +- + ALLOC_HASHTABLE(SOLR_GLOBAL(documents)); + ALLOC_HASHTABLE(SOLR_GLOBAL(clients)); + ALLOC_HASHTABLE(SOLR_GLOBAL(params)); ================================================================ ---- CVS-web: http://cvs.pld-linux.org/packages/php-pecl-solr/php-pecl-solr.spec?r1=1.4&r2=1.5 _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
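Review bot: The `Patch0: do-not-screw-with-random-seed.patch` line added in the first spec hunk (@@ -8,12 +8,13 @@) has no comment saying whether the change was reported upstream. A one-line comment above it, giving the upstream report or stating that none exists yet, would tell the next packager whether the patch can be dropped when Version moves past 1.0.2.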
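Review bot: In the embedded php_solr.c hunk (@@ -1082,9 +1082,6 @@) of the new patch file, removing `srand(time(NULL));` leaves the extension with no seeding of its own, and the visible context does not show whether any code in the extension calls rand(). If something does, a C rand() that is never seeded behaves as if srand(1) had been called, so every process would draw the same sequence. Please check the source for rand() callers and state the result in the patch description. The description also argues from the PHP 4.2.0 auto-seeding of srand()/mt_srand(), which are PHP-level functions, while the removed line is the C library call. A sentence explaining how the C call affects the generator the PHP application uses would tie the change to the /tmp/foo_UZNHCMUDWZ collision in the quoted log, where both hosts log the same second (10:37:26), which is the resolution of time(NULL).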
