Files
Baradb/HUNOS_ISSUE.md
dimgigov 42043f3946
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
v1.1.7: deep security & reliability audit — 33 bugs fixed
Critical (5):
- Reject empty JWT secret when authEnabled (server.nim)
- Fix 2PC marking uncontacted participants as prepared/committed (disttxn.nim)
- Fix Raft commit index calculation for even-sized clusters (raft.nim)
- Fix REP/DISTTXN protocol auth bypass (server.nim)
- Fix HTTP backup/restore path traversal (httpserver.nim)

High (11):
- Fix WAL write race with flush (lsm.nim)
- Fix MVCC savepoint/rollback deep-copy writeSet (mvcc.nim)
- Fix table mutation during deadlock iteration (mvcc.nim)
- Fix LIMIT 0 returning all rows (executor.nim)
- Fix COUNT(col) counting NULL values — 3 locations (executor.nim)
- Fix EXISTS subquery lowering missing subqueryPlan (executor.nim)
- Fix Raft appendEntries/applyCommitted array vs logical index (raft.nim)
- Fix timing attacks on constantTimeCompare and SCRAM (auth.nim, scram.nim)
- Fix B-tree leaf merge phantom separator key (btree.nim)
- Fix SSL verifyPeer not applied to newContext (ssl.nim)
- Fix sharding connectWithTimeout missing SO_ERROR check (sharding.nim)
- Fix sync replication returning success on partial ack (replication.nim)
- Fix WebSocket JWT expiration not validated (websocket.nim)

Medium (13):
- Fix writeSSTable partial file → tmp + atomic rename (lsm.nim)
- Fix multi-CTE table loss (executor.nim)
- Fix nl_to_sql DML restricted to superuser (executor.nim)
- Fix unbounded plan cache — max 10000 (adaptive.nim)
- Fix migration lock crash persistence — timestamp + stale detection (executor.nim)
- Fix admin panel auth (httpserver.nim)
- Fix MVCC unbounded txn tracking — prune in compactVersions (mvcc.nim)
- Fix connection pool maxLifetime check (pool.nim)
- Fix JWT JSON parser backslash escapes (auth.nim)
- Fix substr(s, start) returning single char (udf.nim)
- Fix loadSSTable minimum file-size check (lsm.nim)
- Fix compaction mmap leak (compaction.nim)
- Fix JSON injection in hybrid_search_filtered (executor.nim)

Low (4):
- Raft loadState logs error instead of silent discard
- Replication healthCheck double-close fixed
- Lexer readIdent double column counting fixed
- WebSocket frame 32-bit overflow guard

All 448 tests passing, 0 failures. Bump version to 1.1.7.
2026-05-29 14:17:41 +03:00

89 lines
2.0 KiB
Markdown

# Bug Report: `hunos` 1.3.1 fails to compile on Nim 2.2.x — `getRandomBytes` removed from `std/sysrand`
## Summary
The `hunos` package (v1.3.1) fails to compile on Nim 2.2.10 with:
```
hunos/sessions.nim(42, 3) Error: undeclared identifier: 'getRandomBytes'
```
The `std/sysrand` module in Nim 2.2.x no longer exports `getRandomBytes`. The API was renamed to `urandom`.
## Affected files (3 locations)
### 1. `hunos/sessions.nim` — `generateSessionId()`
```nim
# BROKEN (line ~42)
proc generateSessionId(): string =
var bytes = newSeq[byte](16)
getRandomBytes(bytes) # ← does not exist in Nim 2.2
...
```
**Fix:**
```nim
proc generateSessionId(): string =
let bytes = urandom(16)
...
```
### 2. `hunos/sessions.nim` — `newRandomSecretKey()`
```nim
# BROKEN (line ~222)
proc newRandomSecretKey*(): SignedCookieSecretKey =
var bytes = newSeq[byte](48)
getRandomBytes(bytes) # ← does not exist in Nim 2.2
result.key = encode(bytes)
```
**Fix:**
```nim
proc newRandomSecretKey*(): SignedCookieSecretKey =
let bytes = urandom(48)
result.key = encode(bytes)
```
### 3. `hunos/csrf.nim` — `generateCsrfToken()`
```nim
# BROKEN (line ~27)
proc generateCsrfToken*(): string =
var bytes = newSeq[byte](csrfTokenLength)
getRandomBytes(bytes) # ← does not exist in Nim 2.2
...
```
**Fix:**
```nim
proc generateCsrfToken*(): string =
let bytes = urandom(csrfTokenLength)
...
```
## Environment
| Component | Version |
|-----------|---------|
| Nim | 2.2.10 |
| hunos | 1.3.1 |
| OS | Linux (amd64) |
## Root cause
`std/sysrand` in Nim 2.2.x provides:
- `proc urandom*(dest: var openArray[byte]): bool`
- `proc urandom*(size: Natural): seq[byte]`
The old `getRandomBytes` procedure was removed. All three call sites need to switch to `urandom`.
## Impact
Any project depending on `hunos >= 1.3.0, < 1.3.2` with Nim 2.2.x will fail to compile. This is a **build-breaking** issue.
## Workaround
Pin to `hunos >= 1.3.2` (which has the fix) or patch the three files locally as shown above.