[DRE-maint] Bug#629067: libactionpack-ruby: libactionpack update breaks redmine
ondrej at debian.org
Mon Sep 5 15:05:32 UTC 2011
you're right the reassignment was wrong. I missed that when I was reassigning
the bugs to new packages.
I thought I already sent that to redmine maintainer and the result was that it's
the redmine which needs the update.
On Thu, Jun 9, 2011 at 11:10, Jérémy Lal <kapouer at melix.org> wrote:
> On 09/06/2011 10:18, Ondřej Surý wrote:
>> Hi Jérémy,
>> since my ruby is not very good, the question is if we want to release
>> update for redmine or is there a simple way how to fix the API inside
>> the rails?
> the bug report might be misleading : html_safe may have been unavailable
> even before the security update. I remember i had an issue with this at some point.
> I noticed 2.3.5-1.2+squeeze0.1 is not in the git repository, could you fix that ?
and from previous rails maintainer:
On Sat, Jun 11, 2011 at 04:01, Adam Majer <adamm at zombino.com> wrote:
> On Wed, Jun 08, 2011 at 05:02:52PM +0200, Scharon, Daniel wrote:
>> This bug is caused by a regression within rails, which was introduced in
>> the upgrade from 2.3.5-1.2 to 2.3.5-1.2+squeeze0.1
>> See #629067 for the bug report on rails, which is containing a
> I think the proper fix is to remove reference to nonexistent html_safe
> method which doesn't exist in 2.3.5 rails. OpenSUSE has correct fix.
> - Adam
Adam, could you please elaborate on this? Do you mean the correct fix for rails
or for redmine?
On Mon, Sep 5, 2011 at 16:34, Faidon Liambotis <paravoid at debian.org> wrote:
> reassign 629067 libactionpack-ruby
> found 629067 rails/2.3.5-1.2+squeeze0.1
> severity 629067 grave
> On Fri, Jun 03, 2011 at 12:26:27PM +0200, Vincent-Xavier JUMEL wrote:
>> Package: libactionpack-ruby
>> Version: 2.3.5-1.2+squeeze0.1
>> Severity: normal
>> libactionpack update breaks redmine user view if hide_mail is not enabled.
>> Redmine renderer fails on an inexistant html_safe method
>> Workaround : change user preference to hidden mail
>> psql> update user_preference set hide_mail = 't' where hide_mail = 'f' ;
> This was reassigned to ruby-actionpack-2.3 (present only in wheezy+) but
> it's not really obvious why — no explanative mail was sent to the BTS
> and the bug report remains unanswered.
> If it affects another package in wheezy, then it should probably be
> cloned/reassigned instead.
> I'm reassigning it back and changing this severity: this was a security
> update that broke an unrelated package (redmine) *in stable*. This is
> /not/ acceptable according to the security team's guidelines.
> You could say that either the fix should be adapted or that the call
> sites (redmine) should be fixed. I'd vote for the first, though, since
> we can't really know what else has been broken by this change (in the
> archive, let alone user-installed applications...)
> In any case, I'm adding redmine maintainers & the security team to the
> Cc in case they have something useful to add.
Ondřej Surý <ondrej at sury.org>
More information about the Pkg-ruby-extras-maintainers