[SRU] Update "ruby1.8 1.8.7.249-2ubuntu0.1" breaks package "redmine 0.9.3-1"

Bug #949011 reported by Harry Krueger on 2012-03-07
80
This bug affects 13 people
Affects Status Importance Assigned to Milestone
redmine (Ubuntu)
Medium
Unassigned
Lucid
Medium
Angel Abad

Bug Description

[Test Case]

Upgrade"ruby1.8 1.8.7.249-2ubuntu0.1" breaks package "redmine 0.9.3-1"
(https://launchpad.net/ubuntu/+source/redmine/0.9.3-1)

Redmine stopped working after doing the upgrade. Apache delivers a "500 Internal Server Error" for any URL-Request.
Restarting Apache might fix this temporarily.

After downgrading to "ruby1.8 1.8.7.249-2" everything runs fine again.

[Regression Potential]

Change only fixes bug with order-dependence in hash map and doesn`t affect any other functionality of package.

see also:
http://www.redmine.org/boards/2/topics/29405?r=29413
http://serverfault.com/questions/366406/redmine-suddenly-stopped-working-how-to-troubleshoot

X Xiao (austinxxh-linux) wrote :

this is indeed a major break, I also had to downgrade ruby even if it's unsafe, otherwise redmine could not be used anymore.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ruby1.8 (Ubuntu):
status: New → Confirmed
Daniel Kulesz (kuleszdl) wrote :

Same problem here, a really unacceptable breakage for an LTS version, even for a package from Universe.

sjoukes (sjoukes) wrote :

Same problem here.
It occurd after updating the following packages:

updates:
ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)
ruby1.8-dev (1.8.7.249-2, 1.8.7.249-2ubuntu0.1),
libruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)
libreadline-ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1),
libopenssl-ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)

Daniel Kulesz (kuleszdl) wrote :

I can't confirm the temporary workaround described by Harry Krueger. For me, I had to downgrade both ruby1.8 and libruby1.8 to the previous version as well, then it worked.

Harry Krueger (harry-krueger) wrote :

Yes but it seems to work for some people, according to the redmine forums. It didn't work for me aswell.

sjoukes (sjoukes) wrote :

What I've noticed is that when it stops working you can get it back up and running by giving multiple restarts to apache.
After a few attempts it will start working again. Apache performs a daily restart due to logrotation etc. on my server and about one out of every 5 restart cycles will break redmine.

Arnaud Soyez (weboide) wrote :

The reboots does not seem to help for me.

The importance of this bug should be cranked up, since this completely prevents redmine from functionning at all.

Stephen G (stephengroat) on 2012-03-15
Changed in ruby1.8 (Ubuntu):
status: Confirmed → Invalid
status: Invalid → Confirmed

For me a single apache reload does the trick.

After an apache restart (e.g. when apache package is updated), chances are good that redmine is broken again.
Logrotation is also a problem.
The randomness of the 500 errors makes this problem very hard to understand.

Packages:
redmine 0.9.3-1
ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)
libruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)
libreadline-ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)

Redmine is set up with libapache2-mod-passenger, https only, few users, few traffic.

TaNgO (tango-lugmen) wrote :

Ubuntu LTS 10.04.4.

Redmine broken as described.
I was able to return to production after this:

# apt-get install ruby1.8=1.8.7.249-2 libruby1.8=1.8.7.249-2 irb1.8=1.8.7.249-2 rdoc1.8=1.8.7.249-2
# /etc/init.d/apache2 restart

Had to "hold" this packages in order to avoid this problem when upgrading.

# cat hold_list.txt
ruby1.8 hold
libruby1.8 hold
irb1.8 hold
rdoc1.8 hold

# cat hold_list | dpkg --set-selections

Redmine working with 30 users and growing...

Andrei Kleschinski (abaddon-o) wrote :

bug is caused by next line:
/usr/share/redmine/app/models/setting.rb,166
    setting ||= new(:name => name, :value => @@available_settings[name]['default']) if @@available_settings.has_key? name

new (:name => name, :value =>> ...) depends on correct order of params in hash, i.e. (name,value) , because Settings.value= is depended on Settings..name attribute to get 'serialized' attr from @@available_settings

but last security change in hash processing in ruby is mixed some level of randomness (process PID?) in hash function, so order of hash params sometimes is reversed

So the bug is actually in redmine package, not in ruby1.8 package.
Is it possible to move this bug over to https://bugs.launchpad.net/ubuntu/+source/redmine?

Andrei Kleschinski (abaddon-o) wrote :

0.9.3 version of redmine doesn`t work randomly after hash maps security fix: https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.249-2ubuntu0.1

Is it possible to add this change http://www.redmine.org/projects/redmine/repository/revisions/8909/diff/trunk/app/models
/setting.rb to ubuntu redmine package?

Change only fixes bug with order-dependence in hash map and doesn`t affect any other functionality of package.

affects: ruby1.8 (Ubuntu) → redmine (Ubuntu)
Angel Abad (angelabad) on 2012-06-05
Changed in redmine (Ubuntu):
importance: Undecided → Medium
Changed in redmine (Ubuntu Lucid):
status: New → Confirmed
Angel Abad (angelabad) on 2012-06-05
Changed in redmine (Ubuntu Lucid):
importance: Undecided → Medium
Changed in redmine (Ubuntu):
status: Confirmed → Fix Released
Changed in redmine (Ubuntu Lucid):
assignee: nobody → Angel Abad (angelabad)
status: Confirmed → In Progress
Angel Abad (angelabad) on 2012-06-05
description: updated
description: updated
summary: - Update "ruby1.8 1.8.7.249-2ubuntu0.1" breaks package "redmine 0.9.3-1"
+ [SRU] Update "ruby1.8 1.8.7.249-2ubuntu0.1" breaks package "redmine
+ 0.9.3-1"
Angel Abad (angelabad) wrote :
Changed in redmine (Ubuntu Lucid):
status: In Progress → Confirmed
Angel Abad (angelabad) wrote :

Waiting for ubuntu-sru

Changed in redmine (Ubuntu Lucid):
status: Confirmed → Fix Committed

Hello Harry, or anyone else affected,

Accepted into precise-proposed. The package will build now and be available in a few hours in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Angel Abad (angelabad) wrote :

Hi, the new -proposed package works fine in my server.

tags: added: verification-done
removed: verification-needed
Artyom Nosov (artyom.nosov) wrote :

-proposed packages works fine. Thank you.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package redmine - 0.9.3-1ubuntu0.1

---------------
redmine (0.9.3-1ubuntu0.1) lucid-proposed; urgency=low

  * debian/patches/0019-fix-apache-500.patch:
    - Fix apache 500 error with ruby1.8 1.8.7.249-2ubuntu0.1
      (LP: #949011)
 -- Angel Abad <email address hidden> Tue, 05 Jun 2012 13:04:42 +0200

Changed in redmine (Ubuntu Lucid):
status: Fix Committed → Fix Released
TaNgO (tango-lugmen) wrote :

Hello everybdoy,

Thank you very much for your time and dedication.
My system is up to date now, with no packages on hold.

Greetings from Río Tercero, Argentina

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers