Bug#1019665: ruby-safe-yaml: FTBFS with ruby3.1: ERROR: Test "ruby3.1" failed: ArgumentError:

2022-12-27 Thread Diederik de Haas
Control: affects -1 src:jekyll

On Mon, 26 Dec 2022 17:54:13 +0100 Lucas Nussbaum  wrote:
> On 17/12/22 at 14:51 +0100, Diederik de Haas wrote:
> > There is an upstream PR: https://github.com/dtao/safe_yaml/pull/101
> > which tried to address this, but someone who tried it still got errors.
> > 
> > Last upstream commit was from 2019-02-22 and there are several PRs open
> > and it looks like the maintainer hasn't responded to any of them for > 5
> > YEARS
> 
> Since ruby-crack no longer depends on ruby-safe-yaml, ruby-safe-yaml
> should probably just be removed from testing (and Debian)...

And with that jekyll: https://tracker.debian.org/pkg/jekyll
https://bugs.debian.org/1026427 is a bug about that.



Bug#1019665: ruby-safe-yaml: FTBFS with ruby3.1: ERROR: Test "ruby3.1" failed: ArgumentError:

2022-12-26 Thread Lucas Nussbaum
On 17/12/22 at 14:51 +0100, Diederik de Haas wrote:
> On 13 Sep 2022 09:00:07 -0300 Antonio Terceiro  wrote:
> > Source: ruby-safe-yaml
> > Version: 1.0.5-2
> > Justification: FTBFS
> > Usertags: ruby3.1
> > 
> > We are about to start the ruby3.1 transition in unstable. While trying to
> > rebuild ruby-safe-yaml with ruby3.1 enabled, the build failed.
> > 
> > Relevant part of the build log (hopefully):
> > >   ArgumentError:
> > > wrong number of arguments (given 2, expected 1)
> > >   # ./lib/safe_yaml/load.rb:149:in `load'
> > >   # ./lib/safe_yaml.rb:29:in `safe_load'
> > >   # ./spec/safe_yaml_spec.rb:7:in `safe_load_round_trip'
> > > >   # ./spec/safe_yaml_spec.rb:745:in `block (4 levels) in <top (required)>'
> > > 
> > > Finished in 0.08109 seconds (files took 0.12613 seconds to load)
> > > 134 examples, 20 failures
> > > 
> > > Failed examples:
> > > 
> > > rspec ./spec/safe_yaml_spec.rb:29 # Psych unsafe_load allows exploits 
> > > through objects defined in YAML w/ !ruby/hash via custom :[]= methods
> 
> There is an upstream PR: https://github.com/dtao/safe_yaml/pull/101
> which tried to address this, but someone who tried it still got errors.
> 
> Last upstream commit was from 2019-02-22 and there are several PRs open and it
> looks like the maintainer hasn't responded to any of them for > 5 YEARS

Since ruby-crack no longer depends on ruby-safe-yaml, ruby-safe-yaml
should probably just be removed from testing (and Debian)...

Lucas




Bug#1019665: ruby-safe-yaml: FTBFS with ruby3.1: ERROR: Test "ruby3.1" failed: ArgumentError:

2022-12-17 Thread Diederik de Haas
On 13 Sep 2022 09:00:07 -0300 Antonio Terceiro  wrote:
> Source: ruby-safe-yaml
> Version: 1.0.5-2
> Justification: FTBFS
> Usertags: ruby3.1
> 
> We are about to start the ruby3.1 transition in unstable. While trying to
> rebuild ruby-safe-yaml with ruby3.1 enabled, the build failed.
> 
> Relevant part of the build log (hopefully):
> >   ArgumentError:
> > wrong number of arguments (given 2, expected 1)
> >   # ./lib/safe_yaml/load.rb:149:in `load'
> >   # ./lib/safe_yaml.rb:29:in `safe_load'
> >   # ./spec/safe_yaml_spec.rb:7:in `safe_load_round_trip'
> > >   # ./spec/safe_yaml_spec.rb:745:in `block (4 levels) in <top (required)>'
> > 
> > Finished in 0.08109 seconds (files took 0.12613 seconds to load)
> > 134 examples, 20 failures
> > 
> > Failed examples:
> > 
> > rspec ./spec/safe_yaml_spec.rb:29 # Psych unsafe_load allows exploits 
> > through objects defined in YAML w/ !ruby/hash via custom :[]= methods

There is an upstream PR: https://github.com/dtao/safe_yaml/pull/101
which tried to address this, but someone who tried it still got errors.

Last upstream commit was from 2019-02-22 and there are several PRs open and it 
looks like the maintainer hasn't responded to any of them for > 5 YEARS



Bug#1019665: ruby-safe-yaml: FTBFS with ruby3.1: ERROR: Test "ruby3.1" failed: ArgumentError:

2022-09-13 Thread Antonio Terceiro
Source: ruby-safe-yaml
Version: 1.0.5-2
Severity: important
Justification: FTBFS
Tags: bookworm sid ftbfs
User: debian-r...@lists.debian.org
Usertags: ruby3.1

Hi,

We are about to start the ruby3.1 transition in unstable. While trying to
rebuild ruby-safe-yaml with ruby3.1 enabled, the build failed.

Relevant part of the build log (hopefully):
>   ArgumentError:
> wrong number of arguments (given 2, expected 1)
>   # ./lib/safe_yaml/load.rb:149:in `load'
>   # ./lib/safe_yaml.rb:29:in `safe_load'
>   # ./spec/safe_yaml_spec.rb:7:in `safe_load_round_trip'
>   # ./spec/safe_yaml_spec.rb:745:in `block (4 levels) in <top (required)>'
> 
> Finished in 0.08109 seconds (files took 0.12613 seconds to load)
> 134 examples, 20 failures
> 
> Failed examples:
> 
> rspec ./spec/safe_yaml_spec.rb:29 # Psych unsafe_load allows exploits through 
> objects defined in YAML w/ !ruby/hash via custom :[]= methods
> rspec ./spec/safe_yaml_spec.rb:34 # Psych unsafe_load allows exploits through 
> objects defined in YAML w/ !ruby/object via the :init_with method
> rspec ./spec/safe_yaml_spec.rb:40 # Psych unsafe_load allows exploits through 
> objects w/ sensitive instance variables defined in YAML w/ !ruby/object
> rspec ./spec/safe_yaml_spec.rb:50 # Psych unsafe_load with special 
> whitelisted tags defined effectively ignores the whitelist (since everything 
> is whitelisted)
> rspec ./spec/safe_yaml_spec.rb:318 # Psych safe_load with special whitelisted 
> tags defined will allow objects to be deserialized for whitelisted tags
> rspec ./spec/safe_yaml_spec.rb:330 # Psych safe_load with special whitelisted 
> tags defined will not deserialize objects without whitelisted tags
> rspec ./spec/safe_yaml_spec.rb:336 # Psych safe_load with special whitelisted 
> tags defined will not allow non-whitelisted objects to be embedded within 
> objects with whitelisted tags
> rspec ./spec/safe_yaml_spec.rb:378 # Psych safe_load with special whitelisted 
> tags defined with the :raise_on_unknown_tag option enabled does not raise an 
> exception as long as all tags are whitelisted
> rspec ./spec/safe_yaml_spec.rb:404 # Psych safe_load with special whitelisted 
> tags defined with the :raise_on_unknown_tag option enabled does not raise an 
> exception on the non-specific '!' tag
> rspec ./spec/safe_yaml_spec.rb:421 # Psych safe_load with special whitelisted 
> tags defined with the :raise_on_unknown_tag option enabled with whitelisted 
> custom class does not raise an exception on the non-specific '!' tag
> rspec ./spec/safe_yaml_spec.rb:464 # Psych safe_load when options are passed 
> direclty to #load which differ from the defaults (or, for example, when 
> certain tags are whitelisted) goes with the default option when it is not 
> overridden
> rspec ./spec/safe_yaml_spec.rb:497 # Psych unsafe_load_file allows exploits 
> through objects defined in YAML w/ !ruby/hash via custom :[]= methods
> rspec ./spec/safe_yaml_spec.rb:504 # Psych unsafe_load_file allows exploits 
> through objects defined in YAML w/ !ruby/object via the :init_with method
> rspec ./spec/safe_yaml_spec.rb:510 # Psych unsafe_load_file allows exploits 
> through objects w/ sensitive instance variables defined in YAML w/ 
> !ruby/object
> rspec ./spec/safe_yaml_spec.rb:550 # Psych load as long as a :default_mode 
> has been specified doesn't issue a warning for unsafe mode, since an explicit 
> mode has been set
> rspec ./spec/safe_yaml_spec.rb:708 # Psych whitelist! with a Class as its 
> argument successfully deserializes the specified class
> rspec ./spec/safe_yaml_spec.rb:719 # Psych whitelist! with a Class as its 
> argument works for ranges
> rspec ./spec/safe_yaml_spec.rb:724 # Psych whitelist! with a Class as its 
> argument works for regular expressions
> rspec ./spec/safe_yaml_spec.rb:729 # Psych whitelist! with a Class as its 
> argument works for multiple classes
> rspec ./spec/safe_yaml_spec.rb:734 # Psych whitelist! with a Class as its 
> argument works for arbitrary Exception subclasses
> 
> ERROR: Test "ruby3.1" failed: 


The full build log is available from:
https://people.debian.org/~terceiro/ruby3.1/17/ruby-safe-yaml/ruby-safe-yaml_1.0.5-2+rebuild1663008186_amd64-2022-09-12T18:43:07Z.build

To reproduce this, you need to install ruby-all-dev >= 1:3.0+2. Depending on
when you try this, it might mean installing ruby-all-dev from experimental, or
if the transition has already started, a normal build on unstable will be
enough.  If you fail to reproduce, please provide a build log and diff it with
mine so that we can identify if something relevant changed in the meantime.

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects

