133500 2006-05-16 08:38 0000 Rails 1.1.2 needs => lighttpd 1.4.10 2006-10-02 22:47:01 0000 1 1 1 Unclassified Gentoo Linux Applications unspecified All Linux RESOLVED FIXED P4 minor --- 123022 1 graaff@gentoo.org ruby@gentoo.org bangert@gentoo.org graaff@gentoo.org 2006-05-16 08:38:31 0000 The use of lighttpd in Rails 1.1.2 is optional, but it is the default setup for the internal server script in script/server. The lighttpd config file that Rails copies into a new Rails setup contains features (in particular CWD) which older lighttpd versions don't understand. This leads to an error which gives no indication that a newer version of lighttpd is needed. Upgrading to lighttpd 1.4.10-r2 works fine. bangert@gentoo.org 2006-05-30 13:02:50 0000 1.4.11 has been asked to be marked stable jmjmak@utu.fi 2006-09-30 03:00:52 0000 (In reply to comment #1) > 1.4.11 has been asked to be marked stable 1.4.11 has been marked stable (x86, amd64, ppc64, sparc) for a while now. Can we close this? graaff@gentoo.org 2006-09-30 03:05:32 0000 The fact that lighttpd has been marked stable does not fix the bug, it just makes it less likely that people run into it. I guess the right way to fix it is to add a lighttpd USE flag to the rails ebuild and depend on >=lighttpd-0.4.10 in this case. bangert@gentoo.org 2006-09-30 03:37:28 0000 perhaps adding something like if has_version www-servers/lighttpd && has_version <=www-servers/lighttpd-1.4.10 ewarn "you need at least www-servers/lighttpd-1.4.10 if you want" ewarn "to use lighttpd with rails!" fi in pkg_setup and/or pkg_config would suffice. the ebuild should possibly even die at that point... i don't know of a reason why one would like to stick to a version below 1.4.10... the big problem of course is, if you have rails and lighttpd installed you have to have lighttpd-1.4.10 or higher... there is nothing to choose. AFAICT this can't currently be modeled within an ebuild - so its just a matter of which hack we choose... the last alternative would be to fix the rails server script to, depending on a use flag, use either webrick or lighttpd... tough call pclouds@gentoo.org 2006-09-30 12:28:55 0000 I'd rather hack commands/server.rb to ignore lighttpd older than 1.4.10 (along with a warning maybe). However patching a gem is not very fun. Anyway, upstream should know about this and should fix this. They've already used `lighttpd -version` to check for lighttpd's existence. With a proper regexp, they can determine if the installed lighttpd can be used. Hans, did you inform upstream? graaff@gentoo.org 2006-10-01 01:49:16 0000 No, I did not inform upstream at the time because I thought we could handle this with a simple dependency. Looking through the Trac database it looks like this was reported twice, but upstream does not appear to see this as a problem. They just say to use 4.1.11 or higher. This is also their recommendation due to older versions being buggy. See: http://dev.rubyonrails.org/ticket/4344 http://dev.rubyonrails.org/ticket/4451 pclouds@gentoo.org 2006-10-02 05:08:54 0000 Created an attachment (id=98599) rails-1.1.6-r1.ebuild pclouds@gentoo.org 2006-10-02 05:09:17 0000 Created an attachment (id=98600) files/1.1.6-deprecate-old-lighttpd.patch pclouds@gentoo.org 2006-10-02 05:11:44 0000 I intend to patch rails 1.1.6 only. Any reason I should patch older versions? If you can test the attached ebuild, it would be highly appreciated. I'll add it to portage some next days if there is no response. graaff@gentoo.org 2006-10-02 12:42:32 0000 All the versions of rails < 1.1.6 contain a significant security leak, so they should not be patched but instead removed from portage. I patch seems to work fine on my system. pclouds@gentoo.org 2006-10-02 22:47:01 0000 InCVS 98599 2006-10-02 05:08 0000 rails-1.1.6-r1.ebuild rails-1.1.6-r1.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA2IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2Rldi1ydWJ5L3JhaWxzL3JhaWxzLTEuMS42LmVi dWlsZCx2IDEuMiAyMDA2LzA5LzAyIDIxOjQ3OjIyIGtsb2VyaSBFeHAgJAoKaW5oZXJpdCBydWJ5 IGdlbXMKClVTRV9SVUJZPSJydWJ5MTgiCkRFU0NSSVBUSU9OPSJydWJ5IG9uIHJhaWxzIGlzIGEg d2ViLWFwcGxpY2F0aW9uIGFuZCBwZXJzaXN0YW5jZSBmcmFtZXdvcmsiCkhPTUVQQUdFPSJodHRw Oi8vd3d3LnJ1YnlvbnJhaWxzLm9yZyIKIyBUaGUgVVJMIGRlcGVuZHMgaW1wbGljaXRseSBvbiB0 aGUgdmVyc2lvbiwgdW5mb3J0dW5hdGVseS4gRXZlbiBpZiB5b3UKIyBjaGFuZ2UgdGhlIGZpbGVu YW1lIG9uIHRoZSBlbmQsIGl0IHN0aWxsIGRvd25sb2FkcyB0aGUgc2FtZSBmaWxlLgpTUkNfVVJJ PSJodHRwOi8vZ2Vtcy5ydWJ5Zm9yZ2Uub3JnL2dlbXMvJHtQfS5nZW0iCgpMSUNFTlNFPSJSdWJ5 IgpTTE9UPSIxLjEiCktFWVdPUkRTPSJhbWQ2NCBpYTY0IHBwYyBzcGFyYyB4ODYgfng4Ni1mYnNk IgoKSVVTRT0ibXlzcWwgc3FsaXRlIHNxbGl0ZTMgcG9zdGdyZXMgZmFzdGNnaSIKREVQRU5EPSI+ PWRldi1sYW5nL3J1YnktMS44LjIKCT49ZGV2LXJ1YnkvcmFrZS0wLjcuMQoJPWRldi1ydWJ5L2Fj dGl2ZXJlY29yZC0xLjE0LjQKCT1kZXYtcnVieS9hY3Rpb25tYWlsZXItMS4yLjUKCT1kZXYtcnVi eS9hY3Rpb253ZWJzZXJ2aWNlLTEuMS42CglmYXN0Y2dpPyAoID49ZGV2LXJ1YnkvcnVieS1mY2dp LTAuOC42ICkKCXNxbGl0ZT8gKCA+PWRldi1ydWJ5L3NxbGl0ZS1ydWJ5LTIuMi4yICkKCXNxbGl0 ZTM/ICggZGV2LXJ1Ynkvc3FsaXRlMy1ydWJ5ICkKCW15c3FsPyAoID49ZGV2LXJ1YnkvbXlzcWwt cnVieS0yLjcgKQoJcG9zdGdyZXM/ICggPj1kZXYtcnVieS9ydWJ5LXBvc3RncmVzLTAuNy4xICki CgpzcmNfaW5zdGFsbCgpIHsKCWdlbXNfc3JjX2luc3RhbGwKCWNkICR7RH0vJHtHRU1TRElSfS9n ZW1zLyR7UH0KCWVwYXRjaCAke0ZJTEVTRElSfS8xLjEuNi1kZXByZWNhdGUtb2xkLWxpZ2h0dHBk LnBhdGNoCn0K 98600 2006-10-02 05:09 0000 files/1.1.6-deprecate-old-lighttpd.patch 1.1.6-deprecate-old-lighttpd.patch text/plain LS0tIGxpYi9jb21tYW5kcy9zZXJ2ZXIucmIJMjAwNi0wOS0wMyAwNjo0ODowNy4wMDAwMDAwMDAg KzA3MDAKKysrIHNlcnZlci5yYgkyMDA2LTEwLTAyIDE3OjQxOjE2LjAwMDAwMDAwMCArMDcwMApA QCAtMTQsNyArMTQsMTMgQEAKICAgICBBUkdWLnNoaWZ0CiAgIGVsc2UKICAgICBpZiBSVUJZX1BM QVRGT1JNICF+IC9tc3dpbi8gJiYgIXNpbGVuY2Vfc3RkZXJyIHsgYGxpZ2h0dHBkIC12ZXJzaW9u YCB9LmJsYW5rPyAmJiBkZWZpbmVkPyhGQ0dJKQotICAgICAgImxpZ2h0dHBkIgorICAgICAgaWYg JXgobGlnaHR0cGQgLXZlcnNpb24pID1+IC9ebGlnaHR0cGQtKFxkKylcLihcZCspXC4oXGQrKS8g YW5kICgkMS50b19pIDwgMSBvciAkMi50b19pIDwgNCBvciAkMy50b19pIDwgMTApCisgICAgICAg IHB1dHMgIllvdSBhcmUgdXNpbmcgYW4gb2xkIHZlcnNpb24gb2YgbGlnaHR0cGQgKGxlc3MgdGhh biAxLjQuMTApIgorICAgICAgICBwdXRzICJZb3VyIGxpZ2h0dHBkIHNob3VsZCBub3Qgd29yayBw cm9wZXJseSB3aXRoIHJhaWxzIGFuZCB3aWxsIGJlIGlnbm9yZWQiCisgICAgICAgICJ3ZWJyaWNr IgorICAgICAgZWxzZQorICAgICAgICAibGlnaHR0cGQiCisgICAgICBlbmQKICAgICBlbHNlCiAg ICAgICAid2VicmljayIKICAgICBlbmQK