[DRE-maint] Bug#1019238: redmine: ActionView::Template::Error after recent ruby-rails security fix
Jude Hungerford
jhungerford at asylumseekerscentre.org.au
Tue Sep 6 04:59:10 BST 2022
Package: redmine
Version: 4.0.7-1~bpo10+1
Severity: important
Dear Maintainer,
* What led up to the situation?
The unattended-upgrades applied some updates to Ruby packages. The
following information was found in /var/log/apt/history.log:
Start-Date: 2022-09-05 06:51:39
Commandline: /usr/bin/unattended-upgrade
Upgrade: ruby-activejob:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-activerecord:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-actionpack:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-rails:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-activemodel:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-activestorage:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-actioncable:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-actionview:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-railties:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-activesupport:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4), ruby-actionmailer:amd64 (2:5.2.2.1+dfsg-1+deb10u3, 2:5.2.2.1+dfsg-1+deb10u4)
End-Date: 2022-09-05 06:51:48
Start-Date: 2022-09-05 06:51:52
Commandline: /usr/bin/unattended-upgrade
Upgrade: ruby-rack:amd64 (2.0.6-3, 2.0.6-3+deb10u1)
End-Date: 2022-09-05 06:51:59
* What exactly did you do (or not do) that was effective (or
ineffective)?
I attempted to access our Redmine pages, which were working before the
recent unattended upgrades.
* What was the outcome of this action?
All of our Redmine pages return the following message:
"""
Internal error
An error occurred on the page you were trying to access.
If you continue to experience problems please contact your Redmine administrator for assistance.
If you are the Redmine administrator, check your log files for details about the error.
"""
Looking at the log file in /var/log/redmine/default/production.log, I
see the following:
Started GET "/redmine/" for 203.221.207.132 at 2022-09-06 10:27:56 +1000
Processing by WelcomeController#index as HTML
Current user: jude (id=4)
Rendering welcome/index.html.erb within layouts/base
Rendered welcome/index.html.erb within layouts/base (3.5ms)
Completed 500 Internal Server Error in 19ms (ActiveRecord: 4.9ms)
ActionView::Template::Error (unknown keywords: permitted_classes, aliases):
11: <%= favicon %>
12: <%= stylesheet_link_tag 'jquery/jquery-ui-1.11.0', 'application', 'responsive', :media => 'all' %>
13: <%= stylesheet_link_tag 'rtl', :media => 'all' if l(:direction) == 'rtl' %>
14: <%= javascript_heads %>
15: <%= heads_for_theme %>
16: <%= call_hook :view_layouts_base_html_head %>
17: <!-- page specific tags -->
app/models/user_preference.rb:61:in `[]'
app/models/user_preference.rb:79:in `warn_on_leaving_unsaved'
app/helpers/application_helper.rb:1493:in `javascript_heads'
app/views/layouts/base.html.erb:14:in `_app_views_layouts_base_html_erb__2757522946862800469_70311845404380'
lib/redmine/sudo_mode.rb:63:in `sudo_mode'
* What outcome did you expect instead?
I would normally expect a Redmine page to load.
* Additional information
Redmine has been installed on this system from the buster-backports
repository.
-- System Information:
Debian Release: 10.12
APT prefers oldstable
APT policy: (990, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-21-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages redmine depends on:
ii dbconfig-common 2.0.11+deb10u1
ii debconf [debconf-2.0] 1.5.71+deb10u1
ii libjs-chart.js 2.7.3+dfsg-5
ii libjs-jquery 3.3.1~dfsg-3+deb10u1
ii libjs-jquery-ui 1.12.1+dfsg-5
ii libjs-raphael 2.1.0-1
ii redmine-mysql 4.0.7-1~bpo10+1
ii ruby 1:2.5.1
ii ruby-actionpack-action-caching 1.2.0-2
ii ruby-actionpack-xml-parser 2.0.1-3
ii ruby-bundler 1.17.3-3+deb10u1
ii ruby-coderay 1.1.2-2
ii ruby-csv 3.0.2-1
ii ruby-i18n 1.5.3-1+deb10u1
ii ruby-jquery-rails 4.3.3-1
ii ruby-mail 2.7.1+dfsg1-1
ii ruby-mime-types 3.2.2-1
ii ruby-mimemagic 0.3.2+dfsg-1
ii ruby-mini-mime 1.0.1-1
ii ruby-net-ldap 0.16.1-1
ii ruby-nokogiri 1.10.0+dfsg1-2
ii ruby-rack 2.0.6-3+deb10u1
ii ruby-rack-test 0.7.0-1
ii ruby-rails 2:5.2.2.1+dfsg-1+deb10u4
ii ruby-rails-dom-testing 2.0.3-3
ii ruby-rails-observers 0.1.5-1
ii ruby-rbpdf 1.19.5+ds.1-1
ii ruby-redcarpet 3.4.0-4+deb10u1
ii ruby-request-store 1.3.0-1
ii ruby-rmagick 2.16.0-6
ii ruby-roadie 3.2.2-1
ii ruby-roadie-rails 1.3.0-1
ii ruby-rouge 3.21.0-1~bpo10+1
ii ruby2.1 [ruby-interpreter] 2.1.5-2+deb8u4
Versions of packages redmine recommends:
ii passenger 5.0.30-1.1
Versions of packages redmine suggests:
pn bzr <none>
pn cvs <none>
pn darcs <none>
ii git 1:2.20.1-2+deb10u3
pn mercurial <none>
ii ruby-fcgi 0.9.2.1-2+b3
pn subversion <none>
-- debconf information:
redmine/instances/default/mysql/method: Unix socket
redmine/instances/default/pgsql/authmethod-admin: ident
redmine/default-language: en
redmine/instances/default/missing-db-package-error: abort
redmine/instances/default/upgrade-error: abort
redmine/instances/default/remote/host: localhost
redmine/missing-redmine-package:
* redmine/instances/default/dbconfig-remove:
redmine/instances/default/db/dbname: redmine_default
* redmine/instances/default/dbconfig-install: true
redmine/instances/default/pgsql/manualconf:
* redmine/instances/default/mysql/admin-user: debian-sys-maint
redmine/instances/default/pgsql/no-empty-passwords:
redmine/instances/default/upgrade-backup: true
redmine/instances/default/default-language: en
redmine/notify-migration:
redmine/instances/default/remote/port:
redmine/instances/default/db/app-user: redmine_default at localhost
redmine/instances/default/install-error: abort
redmine/instances/default/db/basepath:
redmine/instances/default/purge: false
redmine/instances/default/remove-error: abort
redmine/instances/default/dbconfig-upgrade: true
redmine/instances/default/remote/newhost:
redmine/old-instances:
redmine/instances/default/internal/skip-preseed: false
redmine/instances/default/pgsql/admin-user: postgres
redmine/current-instances: default
redmine/instances/default/pgsql/authmethod-user: password
redmine/instances/default/pgsql/changeconf: false
* redmine/instances/default/database-type: mysql
redmine/instances/default/dbconfig-reinstall: false
redmine/instances/default/pgsql/method: TCP/IP
redmine/instances/default/internal/reconfiguring: false
redmine/instances/default/passwords-do-not-match:
More information about the Pkg-ruby-extras-maintainers
mailing list