[DRE-maint] Bug#1019238: ...a more upstream-like fix for the issue
Adi Kriegisch
adi at kriegisch.at
Sun Sep 11 20:50:15 BST 2022
Dear all,
according to the corresponding GitHub issue[1], the source of the problem
is an old version of psych embedded into ruby2.5 (which already is EOL
upstream). While we're all eagerly awaiting a backport of redmine for
bullseye, the issue can be mitigated by the following 3 steps:
1. install the patched version of yaml_column.rb:
| mv /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb \
| /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb-orig
| wget -O /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb \
| https://raw.githubusercontent.com/skipkayhil/rails/5ab06e54b6868b249185e9fdf46349155665c54a/activerecord/lib/active_record/coders/yaml_column.rb
2. patch psych by overriding the class:
| cat >> /usr/lib/ruby/2.5.0/psych.rb <<EOF
| module Psych
|   module_function
|
|   class << self
|     alias original_safe_load safe_load
|   end
|
|   def safe_load(yaml,
|                 whitelist_classes = [],
|                 whitelist_symbols = [],
|                 arg_aliases = false,
|                 filename = nil,
|                 symbolize_names: false,
|                 permitted_classes: whitelist_classes,
|                 aliases: false)
|     original_safe_load(
|       yaml, permitted_classes, whitelist_symbols, aliases || arg_aliases, filename,
|       symbolize_names: symbolize_names,
|     )
|   end
| end
| EOF
3. add permitted classes to /usr/share/redmine/config/application.rb:
| config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time, ActiveSupport::HashWithIndifferentAccess]
After these changes redmine works again.
all the best,
Adi
[1] https://github.com/rails/rails/issues/45590
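
Added example, not part of the original message and not Rails or Redmine code: it shows what the permitted-classes list from step 3 controls when a serialized column is read through Psych.safe_load. It assumes a Psych that accepts the permitted_classes: keyword (the one ruby2.5 lacks without the shim from step 2); DemoWidget, load_column and the YAML samples are constructed, and ActiveSupport::HashWithIndifferentAccess is left out so it runs without Rails.

```ruby
require "yaml"
require "date"

# Constructed stand-in for an application class that is NOT on the allowlist.
class DemoWidget; end

# Subset of the list from step 3 (the ActiveSupport class is omitted here).
PERMITTED = [Symbol, Date, Time].freeze

# Constructed sample of a serialized settings column.
SETTINGS_YAML = <<~YAML
  ---
  :start_date: 2022-09-11
  :updated_on: 2022-09-11 20:50:15.000000000 +01:00
  :notify: true
YAML

# Constructed sample carrying a Ruby object tag for a class outside the list.
TAGGED_YAML = <<~YAML
  --- !ruby/object:DemoWidget
  name: example
YAML

# Load a column value with an explicit allowlist.
# Returns [:ok, value] or [:rejected, message] when Psych refuses a class.
def load_column(yaml, permitted)
  [:ok, Psych.safe_load(yaml, permitted_classes: permitted, aliases: false)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

if $PROGRAM_NAME == __FILE__
  {
    "settings, empty allowlist"  => [SETTINGS_YAML, []],
    "settings, step 3 allowlist" => [SETTINGS_YAML, PERMITTED],
    "tagged object, step 3 list" => [TAGGED_YAML, PERMITTED]
  }.each do |label, (yaml, permitted)|
    status, detail = load_column(yaml, permitted)
    puts "#{label}: #{status} (#{detail.inspect})"
  end
end
```

With an empty list the load stops at the first Symbol key, which is the failure Redmine hits; with the list in place the settings load, while the tagged object is still refused.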