Bug 418925 - www-apps/redmine: params parsing vulnerability (CVE-2013-0156)
Summary: www-apps/redmine: params parsing vulnerability (CVE-2013-0156)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial with 4 votes
Assignee: Gentoo Security
URL: http://www.redmine.org/projects/redmi...
Whiteboard: ~1 [noglsa]
Duplicates: 413837
Depends on: 451078
Reported: 2012-06-01 10:38 UTC by Manuel Rüger (RETIRED)
Modified: 2016-05-21 12:07 UTC
CC: 16 users

Attachments
redmine version bump (file_418925.txt,8.00 KB, text/plain)
2012-07-10 07:20 UTC, Igor Mikeshin
redmine-1.4.7.ebuild (redmine-1.4.7.ebuild,5.81 KB, text/plain)
2013-01-22 10:44 UTC, Coacher
redmine-2.2.2.ebuild (redmine-2.2.2.ebuild,6.07 KB, text/plain)
2013-01-22 10:47 UTC, Coacher

Description Manuel Rüger (RETIRED) gentoo-dev 2012-06-01 10:38:07 UTC
"Redmine 2.0.0 drops Rails 2.3 (which is no longer maintained by the Rails team) in favour of the latest Rails 3 release, and it's now available for download at Rubyforge. New features will come with the next 2.1.0 release.

Efforts have been made to ease the upgrade of existing Redmine plugins but most of them will need a bit of work from their authors in order to be compatible with Rails 3. So if you're using some plugins, you may want to wait before switching to Redmine 2.x."


"Redmine 1.4.2 is a maintenance release that fixes 8 defects, including a compatibility issue with the latest ruby1.9.3 release (patch level 194), several improvements and translations updates. You can review the changes in the Changelog and download this new release at Rubyforge.

Redmine 1.4.x releases stick to Rails 2.3 and will be maintained during the next months for those who won't switch to the forthcoming Redmine 2.0.0 and Rails 3."


Please add them to the tree.
Comment 1 Mark Zhitomirski 2012-06-19 13:41:25 UTC
Redmine 2.0.3 released 2012-06-18 for rails-3.2.6
Comment 2 Igor Mikeshin 2012-07-10 07:20:22 UTC
Created attachment 317754 [details]
redmine version bump

This ebuild works for me to upgrade redmine.

I'm using passenger and got "no such file to load -- /var/lib/redmine/config/environment" after the upgrade. Adding this option to the vhost helps:
PassengerDefaultUser redmine
Comment 3 Igor Mikeshin 2012-07-11 07:03:53 UTC
If rails>=3.1, the new redmine needs the prototype-rails gem.
Comment 4 Manuel Rüger (RETIRED) gentoo-dev 2012-11-21 21:25:26 UTC
Redmine 1.4.5 and 2.1.3 were released on Nov 17th 2012

http://www.redmine.org/projects/redmine/wiki/Changelog_1_4
http://www.redmine.org/projects/redmine/wiki/Changelog
Comment 5 Manuel Rüger (RETIRED) gentoo-dev 2012-12-21 02:06:02 UTC
Redmine 2.2.0 released, see http://www.redmine.org/versions/56
Comment 6 Aydar Kamalov 2012-12-21 04:39:50 UTC
I think the maintainers are no longer interested in this project :(
Comment 7 MATSUU Takuto (RETIRED) gentoo-dev 2013-01-07 13:47:25 UTC
Sorry for the long long long delay.
in cvs now.
Comment 8 David Hallas 2013-01-08 09:56:27 UTC
The ebuild for redmine 2.2.0 doesn't build because it depends on ~dev-ruby/rails-3.2.9:3.2 which is not in portage, but changing it to ~dev-ruby/rails-3.2.10:3.2 fixes the problem.

Also the ebuild depends on >=dev-ruby/rack-openid-0.2.1 but I can't find this package in the tree?

Should I file separate bugs for these?
Comment 9 Coacher 2013-01-09 17:47:56 UTC
I've already filed a bug report, if you don't mind.
See https://bugs.gentoo.org/show_bug.cgi?id=451078

@mrueg do you care to reopen it with deps including bug above?
Comment 10 Manuel Rüger (RETIRED) gentoo-dev 2013-01-09 18:32:05 UTC
reopening because of unresolved issues.
Comment 11 Coacher 2013-01-11 16:13:38 UTC
A bunch of updates was released a couple of days ago: 1.4.6, 2.1.6, 2.2.1.
2.2.1 has fixes for CVE-2013-0156.
Comment 12 Coacher 2013-01-22 10:44:36 UTC
Created attachment 336464 [details]
redmine-1.4.7.ebuild
Comment 13 Coacher 2013-01-22 10:47:10 UTC
Created attachment 336466 [details]
redmine-2.2.2.ebuild

For this ebuild you need another package, rack-openid, which is not in the tree yet, but you can grab it from here: https://bugs.gentoo.org/show_bug.cgi?id=451078

Or simply grab all the stuff from my local repo at git://bonespirit.org/bonespirit.git
Comment 14 Kevin Bowling 2013-02-03 02:48:38 UTC
This is security critical.
Comment 15 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-02-03 03:06:54 UTC
Re-assigned to security@g.o such that this bug is at least tracked. I didn't spot the CVE code earlier, so thanks for mentioning it again; as far as I can see it is not clear whether MATSUU wants to continue maintaining the package. Raised importance to a better default as well, so this isn't seen as non-critical.
Comment 16 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-05 14:40:31 UTC
Our Redmine should not have been affected by CVE-2013-0156, but: https://bugs.gentoo.org/show_bug.cgi?id=451078#c2

Matsuu, please bump the ebuild or rev-bump and fix as Hans recommended.
Comment 17 Kevin Bowling 2013-02-12 18:17:31 UTC
More rails CVEs. Is there any reason to make this depend on a point release? redmine 2.x has been broken in the tree since it was committed.
Comment 18 Coacher 2013-02-12 18:47:51 UTC
For those who are still using redmine 1.4.x, be aware that the 1.4 branch reached EOL and 1.4.7 is its last release. Here you can find a patch for it to fix CVE-2013-0333:
http://www.redmine.org/news/78
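Neither flaw is described in this thread beyond its CVE number. As an added example, not code from the bug report, from Redmine or from Gentoo's ebuilds, here is a small Ruby screen for the request patterns behind both issues named above (CVE-2013-0156 in comment 11, CVE-2013-0333 in comment 18), run over constructed sample requests. It assumes only the publicly documented mechanism of each issue (the Rails XML parameter parser honouring type="yaml" and type="symbol" attributes; the old JSON backend converting JSON to YAML and loading it with YAML.load); the regexes, function names and sample bodies are the example's own.

```ruby
# Added example, not code from the Gentoo bug report or from Redmine/Rails.
# Screens raw HTTP request bodies for the two Rails parameter-parsing flaws
# named in this thread, for use over proxy/access logs that retain bodies.
#
# CVE-2013-0156: Rails' XML parameter parser honoured per-element type
# attributes, including type="yaml" (the text is YAML-deserialized, which can
# instantiate arbitrary Ruby objects) and type="symbol".
# CVE-2013-0333: the legacy JSON backend in Rails 2.3/3.0 turned the JSON
# text into YAML and loaded it with YAML.load, so YAML tags such as
# !ruby/object:... inside a "JSON" body were honoured.
#
# Detection only: the real fix is the Rails / Redmine upgrade discussed above.

# Start tag carrying a type attribute that names a dangerous XmlMini type.
# Case-insensitive on purpose: this is a conservative screen, not a
# re-implementation of the parser's exact attribute lookup.
XML_DANGEROUS_TYPE = /<[^>]*\btype\s*=\s*["']\s*(?:yaml|symbol)\s*["'][^>]*>/i

# A YAML local tag selecting a Ruby class; never legitimate inside JSON.
JSON_YAML_TAG = /!ruby\//

def xml_request?(content_type)
  !!(content_type =~ %r{\A\s*(?:application|text)/xml}i)
end

def json_request?(content_type)
  !!(content_type =~ %r{\A\s*application/json}i)
end

# Returns an array of finding strings for one request; empty means clean.
def screen_request(content_type, body)
  findings = []
  if xml_request?(content_type) && body =~ XML_DANGEROUS_TYPE
    findings << "CVE-2013-0156: XML element with type=yaml/symbol"
  end
  if json_request?(content_type) && body =~ JSON_YAML_TAG
    findings << "CVE-2013-0333: YAML tag inside JSON body"
  end
  findings
end

# Constructed sample requests against a Redmine-style REST endpoint, as
# [Content-Type, body] pairs. None of these are captured traffic.
SAMPLE_REQUESTS = [
  # Ordinary issue creation over the XML API.
  ['application/xml',
   '<?xml version="1.0"?><issue><project_id>1</project_id><subject>Test</subject></issue>'],
  # CVE-2013-0156 pattern: the element asks the parser to YAML-load its text.
  ['text/xml; charset=utf-8',
   '<?xml version="1.0"?><issue><subject type="yaml">--- !ruby/object:SomeClass {}</subject></issue>'],
  # CVE-2013-0333 pattern: a YAML tag smuggled into a body labelled as JSON.
  ['application/json',
   '{"issue": --- !ruby/object:SomeClass {}}'],
  # Ordinary JSON issue creation.
  ['application/json', '{"issue":{"subject":"Test"}}'],
]

# Screens every sample and returns the per-request findings in order.
def screen_all(requests = SAMPLE_REQUESTS)
  requests.map { |content_type, body| screen_request(content_type, body) }
end

if __FILE__ == $PROGRAM_NAME
  screen_all.each_with_index do |findings, i|
    puts "request #{i}: #{findings.empty? ? 'clean' : findings.join('; ')}"
  end
end
```

A hit in historical proxy or access logs is a reason to check which Rails version the Redmine install actually ran at the time, not proof of compromise. The check is deliberately broad (case-insensitive, no XML parsing, no Content-Type negotiation beyond the prefix), so it will also flag a literal "!ruby/" inside a genuine JSON string value.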
Comment 19 Kevin Bowling 2013-03-02 23:22:09 UTC
This is pretty bad response time, shouldn't you remove it from the tree if nobody can update it?
Comment 20 Manuel Rüger (RETIRED) gentoo-dev 2013-03-24 12:47:33 UTC
http://www.redmine.org/news/81

Redmine 2.3.0 and 2.2.4 released on 2013-03-19
Comment 21 Peter Volkov (RETIRED) gentoo-dev 2013-05-11 09:07:18 UTC
*** Bug 413837 has been marked as a duplicate of this bug. ***
Comment 22 Peter Volkov (RETIRED) gentoo-dev 2013-05-11 21:29:12 UTC
1.4.7 and 2.2.4 are in the tree. Please, test it and report if there are any problems.

@security: there were no stable versions of redmine in the tree. Currently I think the bug can be resolved. Vulnerable versions were dropped from the tree.
Comment 23 Jan Matějka (RETIRED) gentoo-dev 2013-08-14 05:22:18 UTC
Can this be closed?

BTW, I've just installed 2.2.4 and / renders fine for me.
Comment 24 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-27 01:06:01 UTC
Fixed versions in tree, affected gone. Closing noglsa.