[SRU] Update "ruby1.8 1.8.7.249-2ubuntu0.1" breaks package "redmine 0.9.3-1"

this is indeed a major break, I also had to downgrade ruby even if it's unsafe, otherwise redmine could not be used anymore.

Status changed to 'Confirmed' because the bug affects multiple users.

Same problem here, a really unacceptable breakage for an LTS version, even for a package from Universe.

Same problem here.
It occurd after updating the following packages:

updates:
ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)
ruby1.8-dev (1.8.7.249-2, 1.8.7.249-2ubuntu0.1),
libruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)
libreadline-ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1),
libopenssl-ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)

I can't confirm the temporary workaround described by Harry Krueger. For me, I had to downgrade both ruby1.8 and libruby1.8 to the previous version as well, then it worked.

Yes but it seems to work for some people, according to the redmine forums. It didn't work for me aswell.

What I've noticed is that when it stops working you can get it back up and running by giving multiple restarts to apache.
After a few attempts it will start working again. Apache performs a daily restart due to logrotation etc. on my server and about one out of every 5 restart cycles will break redmine.

The reboots does not seem to help for me.

The importance of this bug should be cranked up, since this completely prevents redmine from functionning at all.

For me a single apache reload does the trick.

After an apache restart (e.g. when apache package is updated), chances are good that redmine is broken again.
Logrotation is also a problem.
The randomness of the 500 errors makes this problem very hard to understand.

Packages:
redmine 0.9.3-1
ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)
libruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)
libreadline-ruby1.8 (1.8.7.249-2, 1.8.7.249-2ubuntu0.1)

Redmine is set up with libapache2-mod-passenger, https only, few users, few traffic.

Ubuntu LTS 10.04.4.

Redmine broken as described.
I was able to return to production after this:

# apt-get install ruby1.8=1.8.7.249-2 libruby1.8=1.8.7.249-2 irb1.8=1.8.7.249-2 rdoc1.8=1.8.7.249-2
# /etc/init.d/apache2 restart

Had to "hold" this packages in order to avoid this problem when upgrading.

# cat hold_list.txt
ruby1.8 hold
libruby1.8 hold
irb1.8 hold
rdoc1.8 hold

# cat hold_list | dpkg --set-selections

Redmine working with 30 users and growing...

bug is caused by next line:
/usr/share/redmine/app/models/setting.rb,166
    setting ||= new(:name => name, :value => @@available_settings[name]['default']) if @@available_settings.has_key? name

new (:name => name, :value =>> ...) depends on correct order of params in hash, i.e. (name,value) , because Settings.value= is depended on Settings..name attribute to get 'serialized' attr from @@available_settings

but last security change in hash processing in ruby is mixed some level of randomness (process PID?) in hash function, so order of hash params sometimes is reversed

here is the fix:

http://www.redmine.org/projects/redmine/repository/revisions/8909/diff/trunk/app/models/setting.rb

So the bug is actually in redmine package, not in ruby1.8 package.
Is it possible to move this bug over to https://bugs.launchpad.net/ubuntu/+source/redmine?

0.9.3 version of redmine doesn`t work randomly after hash maps security fix: https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.249-2ubuntu0.1

Is it possible to add this change http://www.redmine.org/projects/redmine/repository/revisions/8909/diff/trunk/app/models
/setting.rb to ubuntu redmine package?

Change only fixes bug with order-dependence in hash map and doesn`t affect any other functionality of package.

Waiting for ubuntu-sru

Hello Harry, or anyone else affected,

Accepted into precise-proposed. The package will build now and be available in a few hours in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hi, the new -proposed package works fine in my server.

-proposed packages works fine. Thank you.

This bug was fixed in the package redmine - 0.9.3-1ubuntu0.1

---------------
redmine (0.9.3-1ubuntu0.1) lucid-proposed; urgency=low

  * debian/patches/0019-fix-apache-500.patch:
    - Fix apache 500 error with ruby1.8 1.8.7.249-2ubuntu0.1
      (LP: #949011)
 -- Angel Abad <email address hidden> Tue, 05 Jun 2012 13:04:42 +0200

Hello everybdoy,

Thank you very much for your time and dedication.
My system is up to date now, with no packages on hold.

Greetings from Río Tercero, Argentina