[DRE-maint] Bug#629067: libactionpack-ruby: libactionpack update breaks redmine

Ondřej Surý ondrej at debian.org
Mon Sep 5 15:10:10 UTC 2011


Resending to correct redmine address, please use this email of fix the address
in the previous email to redmine at packages.debian.org

O.

On Mon, Sep 5, 2011 at 17:05, Ondřej Surý <ondrej at debian.org> wrote:
> Hmm,
>
> you're right the reassignment was wrong. I missed that when I was reassigning
> the bugs to new packages.
>
> I thought I already sent that to redmine maintainer and the result was that it's
> the redmine which needs the update.
>
> On Thu, Jun 9, 2011 at 11:10, Jérémy Lal <kapouer at melix.org> wrote:
>> On 09/06/2011 10:18, Ondřej Surý wrote:
>>> Hi Jérémy,
>>>
>>> since my ruby is not very good, the question is if we want to release
>>> update for redmine or is there a simple way how to fix the API inside
>>> the rails?
>>
>> the bug report might be misleading : html_safe may have been unavailable
>> even before the security update. I remember i had an issue with this at some point.
>> I noticed 2.3.5-1.2+squeeze0.1 is not in the git repository, could you fix that ?
>>
>> Jérémy.
>
> and from previous rails maintainer:
>
> On Sat, Jun 11, 2011 at 04:01, Adam Majer <adamm at zombino.com> wrote:
>> On Wed, Jun 08, 2011 at 05:02:52PM +0200, Scharon, Daniel wrote:
>>> This bug is caused by a regression within rails, which was introduced in
>>> the upgrade from 2.3.5-1.2 to 2.3.5-1.2+squeeze0.1
>>>
>>> See #629067 for the bug report on rails, which is containing a
>>> workaround.
>>
>> I think the proper fix is to remove reference to nonexistent html_safe
>> method which doesn't exist in 2.3.5 rails. OpenSUSE has correct fix.
>>
>> - Adam
>
> Adam, could you please elaborate on this? Do you mean the correct fix for rails
> or for redmine?
>
> O.
>
> On Mon, Sep 5, 2011 at 16:34, Faidon Liambotis <paravoid at debian.org> wrote:
>> reassign 629067 libactionpack-ruby
>> found 629067 rails/2.3.5-1.2+squeeze0.1
>> severity 629067 grave
>> thanks
>>
>> On Fri, Jun 03, 2011 at 12:26:27PM +0200, Vincent-Xavier JUMEL wrote:
>>> Package: libactionpack-ruby
>>> Version: 2.3.5-1.2+squeeze0.1
>>> Severity: normal
>>>
>>> libactionpack update breaks redmine user view if hide_mail is not enabled.
>>> Redmine renderer fails on an inexistant html_safe method
>>>
>>> Workaround : change user preference to hidden mail
>>> psql> update user_preference set hide_mail = 't' where hide_mail = 'f' ;
>>
>> This was reassigned to ruby-actionpack-2.3 (present only in wheezy+) but
>> it's not really obvious why — no explanative mail was sent to the BTS
>> and the bug report remains unanswered.
>>
>> If it affects another package in wheezy, then it should probably be
>> cloned/reassigned instead.
>>
>> I'm reassigning it back and changing this severity: this was a security
>> update that broke an unrelated package (redmine) *in stable*. This is
>> /not/ acceptable according to the security team's guidelines.
>>
>> You could say that either the fix should be adapted or that the call
>> sites (redmine) should be fixed. I'd vote for the first, though, since
>> we can't really know what else has been broken by this change (in the
>> archive, let alone user-installed applications...)
>>
>> In any case, I'm adding redmine maintainers & the security team to the
>> Cc in case they have something useful to add.
>>
>> Regards,
>> Faidon
>>
>
>
>
> --
> Ondřej Surý <ondrej at sury.org>
> http://blog.rfc1925.org/
>



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/





More information about the Pkg-ruby-extras-maintainers mailing list