packages: php-pecl-solr/php-pecl-solr.spec, php-pecl-solr/do-not-screw-with...

glen glen at pld-linux.org
Fri Jul 6 17:26:31 CEST 2012


Author: glen                         Date: Fri Jul  6 15:26:31 2012 GMT
Module: packages                      Tag: HEAD
---- Log message:
- remove srand initialization based on current time!!!

---- Files affected:
packages/php-pecl-solr:
   php-pecl-solr.spec (1.4 -> 1.5) , do-not-screw-with-random-seed.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/php-pecl-solr/php-pecl-solr.spec
diff -u packages/php-pecl-solr/php-pecl-solr.spec:1.4 packages/php-pecl-solr/php-pecl-solr.spec:1.5
--- packages/php-pecl-solr/php-pecl-solr.spec:1.4	Sun May  6 18:15:39 2012
+++ packages/php-pecl-solr/php-pecl-solr.spec	Fri Jul  6 17:26:26 2012
@@ -8,12 +8,13 @@
 Summary(fr.UTF-8):	API orientée objet pour Apache Solr
 Name:		php-pecl-solr
 Version:	1.0.2
-Release:	1
+Release:	2
 License:	PHP
 Group:		Development/Languages
 URL:		http://pecl.php.net/package/solr
 Source0:	http://pecl.php.net/get/%{modname}-%{version}.tgz
 # Source0-md5:	1632144b462ab22b91d03e4d59704fab
+Patch0:		do-not-screw-with-random-seed.patch
 BuildRequires:	curl-devel
 BuildRequires:	libxml2-devel >= 1:2.6.16
 %{?with_tests:BuildRequires:	php-curl}
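
Review bot: the new Patch0: line carries no comment about upstream status. Since the patch removes a call from upstream's php_solr.c, add a comment above Patch0 saying whether the change was reported to the PECL solr maintainers, so the patch can be dropped once a later Version contains the fix.
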
@@ -71,6 +72,8 @@
 # avoid 1970 dates in doc
 find -newer TODO -o -print | xargs touch --reference %{SOURCE0}
 
+%patch0 -p1
+
 %build
 packagexml2cl package.xml > ChangeLog
 
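Review bot: %patch0 -p1 is placed after the "avoid 1970 dates in doc" find/touch step, so the source is modified after the timestamp fix-up rather than right after unpacking. Consider moving it up to sit directly after the unpack step. Also confirm that -p1 matches the layout at that point: the patch paths are php-pecl-solr-1.0.2/php_solr.c, so php_solr.c must sit at the top of the build directory when the patch runs.
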
@@ -115,6 +118,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.5  2012/07/06 15:26:26  glen
+- remove srand initialization based on current time!!!
+
 Revision 1.4  2012/05/06 16:15:39  glen
 - up to 1.0.2
 

================================================================
Index: packages/php-pecl-solr/do-not-screw-with-random-seed.patch
diff -u /dev/null packages/php-pecl-solr/do-not-screw-with-random-seed.patch:1.1
--- /dev/null	Fri Jul  6 17:26:31 2012
+++ packages/php-pecl-solr/do-not-screw-with-random-seed.patch	Fri Jul  6 17:26:26 2012
@@ -0,0 +1,32 @@
+DO NOT SCREW WITH RANDOM SEED
+
+Do not initialize the seed with srand or mt_srand, it is already initialized
+since PHP 4.2.0 (See the docs). And if you initialize it with time or microtime
+you make it only more worse (predictable).
+
+And initializing random seed with predictable value is extremely stupid.
+
+I had situation that three machines simulatenously produced temporary directory
+names based on random generator, and they all got same results, this is utterly
+screwed up up the application!
+
+Jul  6 10:37:26 segusilm php.fcgi: PHP Fatal error:  Uncaught exception 'Exception' with message 'Can't mkdir '/tmp/foo_UZNHCMUDWZ/archive': mkdir(): File exists' in /usr/share/foo/lib/plugins/Plugin.php:127
+Jul  6 10:37:26 lordi php.fcgi: PHP Warning:  unlink(/tmp/foo_UZNHCMUDWZ/archive/title.inc): No such file or directory in /usr/share/foo/lib/helper/OutputHelper.php on line 68
+
+it is strongly recommended for PHP application developers to keep their fingers
+away from srand() or mt_srand() and to never ever use rand() or mt_rand() for
+cryptographic secrets:
+http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
+
+--- php-pecl-solr-1.0.2/php_solr.c~	2011-11-29 04:50:07.000000000 +0200
++++ php-pecl-solr-1.0.2/php_solr.c	2012-07-06 18:15:25.730180032 +0300
+@@ -1082,9 +1082,6 @@
+ 	/* Always NULL. Kept for API backward compatibility purposes only */
+ 	hash_func_t pHashFunction    = NULL;
+ 
+-	/* initialize random seed */
+-	srand(time(NULL));
+-
+ 	ALLOC_HASHTABLE(SOLR_GLOBAL(documents));
+ 	ALLOC_HASHTABLE(SOLR_GLOBAL(clients));
+ 	ALLOC_HASHTABLE(SOLR_GLOBAL(params));
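
Review bot: the php_solr.c hunk at line 1082 removes srand(time(NULL)); but does not show whether the extension itself calls rand() anywhere else. If it does, those calls now depend on whatever seeding the host process has done, and a C library rand() that was never seeded behaves as if srand(1) had been called, which gives the same sequence in every process. Check php_solr.c for remaining rand() callers and, if there are any, move them to a source that does not share process-wide state. The description could also state the mechanism behind the quoted log lines: time(NULL) has one-second resolution, so hosts that initialise within the same second (both entries are stamped 10:37:26) get the same seed and therefore the same /tmp/foo_UZNHCMUDWZ name.
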
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/packages/php-pecl-solr/php-pecl-solr.spec?r1=1.4&r2=1.5


