[DRE-maint] Bug#629067: libactionpack-ruby: libactionpack update breaks redmine
ondrej at debian.org
Mon Sep 5 15:10:10 UTC 2011
Resending to correct redmine address, please use this email of fix the address
in the previous email to redmine at packages.debian.org
On Mon, Sep 5, 2011 at 17:05, Ondřej Surý <ondrej at debian.org> wrote:
> you're right the reassignment was wrong. I missed that when I was reassigning
> the bugs to new packages.
> I thought I already sent that to redmine maintainer and the result was that it's
> the redmine which needs the update.
> On Thu, Jun 9, 2011 at 11:10, Jérémy Lal <kapouer at melix.org> wrote:
>> On 09/06/2011 10:18, Ondřej Surý wrote:
>>> Hi Jérémy,
>>> since my ruby is not very good, the question is if we want to release
>>> update for redmine or is there a simple way how to fix the API inside
>>> the rails?
>> the bug report might be misleading : html_safe may have been unavailable
>> even before the security update. I remember i had an issue with this at some point.
>> I noticed 2.3.5-1.2+squeeze0.1 is not in the git repository, could you fix that ?
> and from previous rails maintainer:
> On Sat, Jun 11, 2011 at 04:01, Adam Majer <adamm at zombino.com> wrote:
>> On Wed, Jun 08, 2011 at 05:02:52PM +0200, Scharon, Daniel wrote:
>>> This bug is caused by a regression within rails, which was introduced in
>>> the upgrade from 2.3.5-1.2 to 2.3.5-1.2+squeeze0.1
>>> See #629067 for the bug report on rails, which is containing a
>> I think the proper fix is to remove reference to nonexistent html_safe
>> method which doesn't exist in 2.3.5 rails. OpenSUSE has correct fix.
>> - Adam
> Adam, could you please elaborate on this? Do you mean the correct fix for rails
> or for redmine?
> On Mon, Sep 5, 2011 at 16:34, Faidon Liambotis <paravoid at debian.org> wrote:
>> reassign 629067 libactionpack-ruby
>> found 629067 rails/2.3.5-1.2+squeeze0.1
>> severity 629067 grave
>> On Fri, Jun 03, 2011 at 12:26:27PM +0200, Vincent-Xavier JUMEL wrote:
>>> Package: libactionpack-ruby
>>> Version: 2.3.5-1.2+squeeze0.1
>>> Severity: normal
>>> libactionpack update breaks redmine user view if hide_mail is not enabled.
>>> Redmine renderer fails on an inexistant html_safe method
>>> Workaround : change user preference to hidden mail
>>> psql> update user_preference set hide_mail = 't' where hide_mail = 'f' ;
>> This was reassigned to ruby-actionpack-2.3 (present only in wheezy+) but
>> it's not really obvious why — no explanative mail was sent to the BTS
>> and the bug report remains unanswered.
>> If it affects another package in wheezy, then it should probably be
>> cloned/reassigned instead.
>> I'm reassigning it back and changing this severity: this was a security
>> update that broke an unrelated package (redmine) *in stable*. This is
>> /not/ acceptable according to the security team's guidelines.
>> You could say that either the fix should be adapted or that the call
>> sites (redmine) should be fixed. I'd vote for the first, though, since
>> we can't really know what else has been broken by this change (in the
>> archive, let alone user-installed applications...)
>> In any case, I'm adding redmine maintainers & the security team to the
>> Cc in case they have something useful to add.
> Ondřej Surý <ondrej at sury.org>
Ondřej Surý <ondrej at sury.org>
More information about the Pkg-ruby-extras-maintainers