Bug#727187: marked as done (librack-ruby: DSA-2783 breaks rails apps)

[Debian Bug Tracking System]

Your message dated Tue, 29 Oct 2013 21:47:51 +0000
with message-id <e1vbh8h-0001jp...@franck.debian.org>
and subject line Bug#727187: fixed in librack-ruby 1.1.0-4+squeeze2
has caused the Debian Bug report #727187,
regarding librack-ruby: DSA-2783 breaks rails apps
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
727187: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727187
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: librack-ruby
Version: 1.1.0-4
Severity: important

Hello,

after installing DSA-2783, Debian-packaged redmine installations break.

Trying to reproduce this, I installed and configured redmine on an
up-2-date squeeze installation (using passenger), logged in, added
a project, but when trying to create a new issue it fails with an
"Internal Server Error".

The last lines of the log:

Processing IssuesController#new (for xx.xx.xx.xx at 2013-10-23 10:06:49) [GET]
  Parameters: {"project_id"=>"bling", "action"=>"new", "controller"=>"issues"}
Rendering template within layouts/base
Rendering issues/new
Completed in 80ms (View: 36, DB: 36) | 200 OK 
[https://somehostname/projects/bling/issues/new]
/!\ FAILSAFE /!\  Wed Oct 23 10:06:54 +0200 2013
  Status: 500 Internal Server Error
  undefined method `<<' for nil:NilClass
    /usr/lib/ruby/1.8/rack/utils.rb:510:in `parse_multipart'
    /usr/lib/ruby/1.8/rack/request.rb:268:in `parse_multipart'
    /usr/lib/ruby/1.8/rack/request.rb:146:in `POST'
    /usr/lib/ruby/1.8/rack/methodoverride.rb:15:in `call'
    /usr/lib/ruby/1.8/action_controller/params_parser.rb:15:in `call'
    /usr/lib/ruby/1.8/action_controller/session/cookie_store.rb:93:in `call'
    /usr/lib/ruby/1.8/action_controller/failsafe.rb:26:in `call'
    /usr/lib/ruby/1.8/rack/lock.rb:11:in `call'
    /usr/lib/ruby/1.8/rack/lock.rb:11:in `synchronize'
    /usr/lib/ruby/1.8/rack/lock.rb:11:in `call'
    /usr/lib/ruby/1.8/action_controller/dispatcher.rb:106:in `call'
    /usr/lib/ruby/1.8/phusion_passenger/rack/request_handler.rb:92:in 
`process_request'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_request_handler.rb:207:in 
`main_loop'
    /usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:418:in 
`start_request_handler'
    /usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:358:in 
`handle_spawn_application'
    /usr/lib/ruby/1.8/phusion_passenger/utils.rb:184:in `safe_fork'
    /usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:354:in 
`handle_spawn_application'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in `__send__'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in `main_loop'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:196:in 
`start_synchronously'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:163:in `start'
    /usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:213:in 
`start'
    /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:262:in 
`spawn_rails_application'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:126:in 
`lookup_or_add'
    /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:256:in 
`spawn_rails_application'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:80:in 
`synchronize'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:79:in 
`synchronize'
    /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:255:in 
`spawn_rails_application'
    /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:154:in 
`spawn_application'
    /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:287:in 
`handle_spawn_application'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in `__send__'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in `main_loop'
    /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:196:in 
`start_synchronously'
    /usr/lib/phusion_passenger/passenger-spawn-server:61

Downgrading via

apt-get install librack-ruby1.8=1.1.0-4 librack-ruby=1.1.0-4

get's everything back to normal.

This also breaks the squeeze-backports version of redmine.

Please take a look ASAP since this might break more than redmine.

Cheers
Wolfgang

-- System Information:
Debian Release: 6.0.8
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages librack-ruby depends on:
ii  libjs-jquery                  1.4.2-2    JavaScript library for dynamic web
ii  librack-ruby1.8               1.1.0-4    A modular Ruby webserver interface

librack-ruby recommends no packages.

librack-ruby suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: librack-ruby
Source-Version: 1.1.0-4+squeeze2

We believe that the bug you reported is fixed in the latest version of
librack-ruby, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 727...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated librack-ruby 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 23 Oct 2013 19:08:55 -0300
Source: librack-ruby
Binary: librack-ruby1.9.1 librack-ruby1.8 librack-ruby
Architecture: source all
Version: 1.1.0-4+squeeze2
Distribution: oldstable
Urgency: high
Maintainer: Ryan Niebur <r...@debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Description: 
 librack-ruby - A modular Ruby webserver interface
 librack-ruby1.8 - A modular Ruby webserver interface (Ruby 1.8)
 librack-ruby1.9.1 - A modular Ruby webserver interface (Ruby 1.9.1)
Closes: 727187
Changes: 
 librack-ruby (1.1.0-4+squeeze2) oldstable-security; urgency=high
 .
   * Team upload.
   * Fix wrong patch for CVE-2011-5036 (Closes: #727187)
Checksums-Sha1: 
 be29f28f93ea14dc5183c14b19bc1e86240ec56b 2063 librack-ruby_1.1.0-4+squeeze2.dsc
 fd6d87a6a96b29df95ff44031a5543efaeb406e7 6842 
librack-ruby_1.1.0-4+squeeze2.diff.gz
 31359896dce2516f5bde01540a20d889bfe8cb70 87106 
librack-ruby1.9.1_1.1.0-4+squeeze2_all.deb
 24d33e5ff819bc89bebedee607d77c3bdaaea885 87082 
librack-ruby1.8_1.1.0-4+squeeze2_all.deb
 7b0e77a76447049f99ec5b4932c97cb9a279f4f3 200898 
librack-ruby_1.1.0-4+squeeze2_all.deb
Checksums-Sha256: 
 02d5affb85b516febebf66d10012a540d1f2ccff8db2089733fffb6cb57648da 2063 
librack-ruby_1.1.0-4+squeeze2.dsc
 c1fb751fbd3e175d898a81369da2db7a76e8915c0057eef6b56c914c78ef8733 6842 
librack-ruby_1.1.0-4+squeeze2.diff.gz
 f3db69bb4305a6bc25f20edd9f827ad49aab6be23f30deacc7303788d45260bb 87106 
librack-ruby1.9.1_1.1.0-4+squeeze2_all.deb
 3bc755e11fd7a510f1f08fdd2ff6e0ee4c3c9e792464c090649961a6657fe8f0 87082 
librack-ruby1.8_1.1.0-4+squeeze2_all.deb
 e175eb19c58a870edf4b40b83cf111b6c58b20dfac2df960861f21889612f150 200898 
librack-ruby_1.1.0-4+squeeze2_all.deb
Files: 
 7de315c57bd64990bd21a8b9defebce5 2063 ruby optional 
librack-ruby_1.1.0-4+squeeze2.dsc
 2f0243677abbf37d7c2ea6f62baa942e 6842 ruby optional 
librack-ruby_1.1.0-4+squeeze2.diff.gz
 e723b09f9c80ef8c8eecf1cb5c4bf3bd 87106 ruby optional 
librack-ruby1.9.1_1.1.0-4+squeeze2_all.deb
 a4f382b62c228d03e97bc4c6a3541098 87082 ruby optional 
librack-ruby1.8_1.1.0-4+squeeze2_all.deb
 7b6ababfe772fd864140e19687418a07 200898 ruby optional 
librack-ruby_1.1.0-4+squeeze2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCAAGBQJSaFMIAAoJEPwNsbvNRgveKBgQAICB4pMM45jWbQjIrrBdbTAn
7pP0YoBrXw6B9htYSmH9+pA6msCX6p0oIjkU3d8x3PYzAibcXGUjCL4rKovGInly
BJJ/mgasfZFzfYrMF23pmS/weO7ncSidblUcxww0ZaoJGtsbkxxFEguDN3DGQUYl
YdIDU90iqp0FSP5BVH5zv8XPVGyujbMwtZP3qwTF8y5awPnEtnRLUMh99ZDEmPBw
+twGyWrvuU39ALAVej9zaDsZNr0V3YL+l9ttGUzhF+7Ky/P4LWr/1Xc2RmuRdL1W
zo9KKK+12EEU6fAWoq5wxAU5l6c96KFQQVupnOychyvv441fL8I9wxSG87szXuU8
OAKvcITcBBjwIIVYN0isbacNn05EXIQvneUNHa3EjcOQcFQ8UJ9znXmaRrFRAS4M
OA4f92I+IR/grMpYY2+VU5Iw/BRWSGSr2OXntEyCLTB7FaRsuUau7k4Gpsg7L9MT
mORv7GE1WfqGW6Pl0J0pFNXZ18UmaRTRVmDm1GYJ6qFAu7kU/U9xBvEPP1M4NyoS
iCMEDWB0i3MyYBJcfbsNZpm5tNxwGV9wn38o54HNsRbnXAO0YyJQj3xtEC/L/AwO
Tscb4LBTEjoiFXi1B2OlBhwCY+S0aTvAuIceUgCR31jxo/Ev0fy4/Z8+dP2YncN5
O0ez/gGCHfv4ZoHqiceB
=Is0c
-----END PGP SIGNATURE-----

--- End Message ---