[packages/php-pecl-solr/AC-branch] - remove srand initialization based on current time!!!

draenog draenog at pld-linux.org
Fri Jul 6 18:06:24 CEST 2012


commit d0d889262a5f1fa9980fd584b0bf5c1ffd31c711
Author: Elan Ruusamäe <glen at pld-linux.org>
Date:   Fri Jul 6 15:26:26 2012 +0000

    - remove srand initialization based on current time!!!
    
    Changed files:
        do-not-screw-with-random-seed.patch -> 1.1
        php-pecl-solr.spec -> 1.5

 do-not-screw-with-random-seed.patch | 32 ++++++++++++++++++++++++++++++++
 php-pecl-solr.spec                  |  5 ++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
---
diff --git a/do-not-screw-with-random-seed.patch b/do-not-screw-with-random-seed.patch
new file mode 100644
index 0000000..6e6d6ba
--- /dev/null
+++ b/do-not-screw-with-random-seed.patch
@@ -0,0 +1,32 @@
+DO NOT SCREW WITH RANDOM SEED
+
+Do not initialize the seed with srand or mt_srand, it is already initialized
+since PHP 4.2.0 (See the docs). And if you initialize it with time or microtime
+you make it only more worse (predictable).
+
+And initializing random seed with predictable value is extremely stupid.
+
+I had situation that three machines simulatenously produced temporary directory
+names based on random generator, and they all got same results, this is utterly
+screwed up up the application!
+
+Jul  6 10:37:26 segusilm php.fcgi: PHP Fatal error:  Uncaught exception 'Exception' with message 'Can't mkdir '/tmp/foo_UZNHCMUDWZ/archive': mkdir(): File exists' in /usr/share/foo/lib/plugins/Plugin.php:127
+Jul  6 10:37:26 lordi php.fcgi: PHP Warning:  unlink(/tmp/foo_UZNHCMUDWZ/archive/title.inc): No such file or directory in /usr/share/foo/lib/helper/OutputHelper.php on line 68
+
+it is strongly recommended for PHP application developers to keep their fingers
+away from srand() or mt_srand() and to never ever use rand() or mt_rand() for
+cryptographic secrets:
+http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
+
+--- php-pecl-solr-1.0.2/php_solr.c~	2011-11-29 04:50:07.000000000 +0200
++++ php-pecl-solr-1.0.2/php_solr.c	2012-07-06 18:15:25.730180032 +0300
+@@ -1082,9 +1082,6 @@
+ 	/* Always NULL. Kept for API backward compatibility purposes only */
+ 	hash_func_t pHashFunction    = NULL;
+ 
+-	/* initialize random seed */
+-	srand(time(NULL));
+-
+ 	ALLOC_HASHTABLE(SOLR_GLOBAL(documents));
+ 	ALLOC_HASHTABLE(SOLR_GLOBAL(clients));
+ 	ALLOC_HASHTABLE(SOLR_GLOBAL(params));
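Review bot: the patch header argues from PHP's userland srand()/mt_srand() being seeded automatically since 4.2.0, but the line removed in the php_solr.c hunk at -1082 is the C library call srand(time(NULL)) in the extension's own initialization code, and the description should say that explicitly. With the call gone, any C rand() still used inside the extension is no longer seeded by the extension itself, so it is worth grepping the source for remaining rand() callers and stating in the header what they are used for; anything that generates names or identifiers that must be unique or unpredictable should not rely on rand() at all. The two syslog lines are good evidence and should stay, but the typos in the header ("simulatenously", "screwed up up") are worth fixing before this goes upstream.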
diff --git a/php-pecl-solr.spec b/php-pecl-solr.spec
index eb4ca42..066e377 100644
--- a/php-pecl-solr.spec
+++ b/php-pecl-solr.spec
@@ -7,12 +7,13 @@ Summary:	Object oriented API to Apache Solr
 Summary(fr.UTF-8):	API orientée objet pour Apache Solr
 Name:		php-pecl-solr
 Version:	1.0.2
-Release:	1
+Release:	2
 License:	PHP
 Group:		Development/Languages
 URL:		http://pecl.php.net/package/solr
 Source0:	http://pecl.php.net/get/%{modname}-%{version}.tgz
 # Source0-md5:	1632144b462ab22b91d03e4d59704fab
+Patch0:		do-not-screw-with-random-seed.patch
 BuildRequires:	curl-devel
 BuildRequires:	libxml2-devel >= 1:2.6.16
 %{?with_tests:BuildRequires:	php-curl}
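Review bot: Patch0 is added with no comment line above it saying what it fixes or whether it has been submitted upstream. A one-line comment there, with a pointer to the upstream report once one exists, would tell the next packager when the patch can be dropped on a version bump. The Release bump from 1 to 2 is consistent with the change.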
@@ -70,6 +71,8 @@ mv %{modname}-%{version}/* .
 # avoid 1970 dates in doc
 find -newer TODO -o -print | xargs touch --reference %{SOURCE0}
 
+%patch0 -p1
+
 %build
 packagexml2cl package.xml > ChangeLog
 

