On 2016/03/09 10:05, Stuart Henderson wrote: > That should be fixed in mcrypt - it should use arc4random functions > instead.
In addition, https://github.com/paragonie/random_compat/blob/master/ERRATA.md 1. libsodium if available 2. fread() /dev/urandom if available 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM) 4. COM('CAPICOM.Utilities.1')->GetRandom() 5. openssl_random_pseudo_bytes() - libsodium is "security/pecl-libsodium", please set that as a dep, it's the best choice for crypto primitives in PHP. But mcrypt should still be fixed. > On 2016/03/09 10:39, Renaud Allard wrote: > > Hello, > > > > I just tried to install owncloud 9.0.0, and it failed loudly. They changed > > the way random numbers are chosen. So if you have mcrypt extension and your > > web server is chrooted (and/or your web directory is mounted nodev, which is > > the default), mcrypt will fail to read /dev/urandom. This will create an > > exception and the next means of getting random numbers will not be tried, > > leading owncloud to fail completely. > > I made a patch for the 3rd party library they call: > > https://github.com/paragonie/random_compat/pull/94 > > > > Best Regards > > > >
