Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package puppet puppet 5.5.10-2 (already in unstable) fixes an issue whereby the Puppet master deserializes incoming agent reports producing variable output, depending on the availability of a specific package in the system (ruby-multi-json). This in turn can cause certain report processors (notably PuppetDB) to fail. See #923976 for details. Full source debdiff against testing attached. Regards, Apollon unblock puppet/5.5.10-2
diff -Nru puppet-5.5.10/debian/changelog puppet-5.5.10/debian/changelog --- puppet-5.5.10/debian/changelog 2019-01-16 10:56:17.000000000 +0200 +++ puppet-5.5.10/debian/changelog 2019-03-12 12:51:05.000000000 +0200 @@ -1,3 +1,9 @@ +puppet (5.5.10-2) unstable; urgency=medium + + * Make sure oj does not use BigDecimals on data load (Closes: #923976) + + -- Apollon Oikonomopoulos <apoi...@debian.org> Tue, 12 Mar 2019 12:51:05 +0200 + puppet (5.5.10-1) unstable; urgency=medium * New upstream bugfix release; see diff -Nru puppet-5.5.10/debian/patches/0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch puppet-5.5.10/debian/patches/0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch --- puppet-5.5.10/debian/patches/0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch 1970-01-01 02:00:00.000000000 +0200 +++ puppet-5.5.10/debian/patches/0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch 2019-03-12 12:51:05.000000000 +0200 @@ -0,0 +1,35 @@ +From: Apollon Oikonomopoulos <apoi...@debian.org> +Date: Sun, 10 Mar 2019 01:22:29 +0200 +Subject: Avoid BigDecimals when loading JSON using Oj + +This is already done for JrJackson and needs to be done for Oj as well +to avoid sending malformed reports to PuppetDB. + +Bug-Debian: https://bugs.debian.org/923976 +--- + lib/puppet/util/json.rb | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/lib/puppet/util/json.rb b/lib/puppet/util/json.rb +index 6baea59..ba2491b 100644 +--- a/lib/puppet/util/json.rb ++++ b/lib/puppet/util/json.rb +@@ -32,13 +32,16 @@ module Puppet::Util + def self.load(string, options = {}) + if defined? MultiJson + begin +- # This ensures that JrJackson will parse very large or very small ++ # This ensures that JrJackson and Oj will parse very large or very small + # numbers as floats rather than BigDecimals, which are serialized as + # strings by the built-in JSON gem and therefore can cause schema errors, + # for example, when we are rendering reports to JSON using `to_pson` in + # PuppetDB. +- if MultiJson.adapter.name == "MultiJson::Adapters::JrJackson" ++ case MultiJson.adapter.name ++ when "MultiJson::Adapters::JrJackson" + options[:use_bigdecimal] = false ++ when "MultiJson::Adapters::Oj" ++ options[:bigdecimal_load] = :float + end + + MultiJson.load(string, options) diff -Nru puppet-5.5.10/debian/patches/series puppet-5.5.10/debian/patches/series --- puppet-5.5.10/debian/patches/series 2018-11-09 09:54:47.000000000 +0200 +++ puppet-5.5.10/debian/patches/series 2019-03-12 12:51:05.000000000 +0200 @@ -6,3 +6,4 @@ 0007-Fix-service-listing-and-enable-disable-in-Debian.patch 0008-fix-locale-loading.patch reproducible-build.patch +0009-Avoid-BigDecimals-when-loading-JSON-using-Oj.patch