[DRE-maint] Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4

Raphael Hertzog raphael at offensive-security.com
Wed Sep 7 10:10:41 BST 2022


Hello Abhijith and the LTS team,

in Kali we have applied the last ruby-active* security updates and this
broke the web API part of autopkgtest.kali.org.

Specifically line 51 in
/usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb
makes a call to YAML.safe_load() with parameters that the YAML implementation in ruby 2.5 in stretch
does not support.

We have this error in our logs:

App 7518 output: 2022-09-07 07:55:07 - ArgumentError - unknown keywords: permitted_classes, aliases:
App 7518 output:        /usr/lib/ruby/2.5.0/psych.rb:313:in `safe_load'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb:51:in `yaml_load'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb:26:in `load'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/type/serialized.rb:22:in `deserialize'
[... rest of trace at the end of the mail in case it's helpful ...]

Please fix this regression ASAP. I don't know if similar fixes have been
applied to other ruby-* packages in the same batch, in which case there
is more than a single regression.

FWIW to downgrade ruby-activerecord, I had to also downgrade ruby-activesupport
and ruby-activemodel. And it's working again now.

Regards,

Full trace:
App 7518 output: 2022-09-07 07:55:07 - ArgumentError - unknown keywords: permitted_classes, aliases:
App 7518 output:        /usr/lib/ruby/2.5.0/psych.rb:313:in `safe_load'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb:51:in `yaml_load'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/coders/yaml_column.rb:26:in `load'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/type/serialized.rb:22:in `deserialize'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activemodel-5.2.2.1/lib/active_model/attribute.rb:165:in `type_cast'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activemodel-5.2.2.1/lib/active_model/attribute.rb:42:in `value'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activemodel-5.2.2.1/lib/active_model/attribute_set.rb:28:in `transform_values'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activemodel-5.2.2.1/lib/active_model/attribute_set.rb:28:in `to_hash'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/attribute_methods.rb:327:in `attributes'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activemodel-5.2.2.1/lib/active_model/serialization.rb:129:in `serializable_hash'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/serialization.rb:19:in `serializable_hash'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activemodel-5.2.2.1/lib/active_model/serializers/json.rb:100:in `as_json'
App 7518 output:        /usr/lib/ruby/vendor_ruby/debci/job.rb:223:in `as_json'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/core_ext/object/json.rb:152:in `block in as_json'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/core_ext/object/json.rb:152:in `map'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/core_ext/object/json.rb:152:in `as_json'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activerecord-5.2.2.1/lib/active_record/relation/delegation.rb:71:in `as_json'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/core_ext/object/json.rb:171:in `block in as_json'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/core_ext/object/json.rb:171:in `each'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/core_ext/object/json.rb:171:in `map'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/core_ext/object/json.rb:171:in `as_json'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/json/encoding.rb:35:in `encode'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/json/encoding.rb:22:in `encode'
App 7518 output:        /usr/share/rubygems-integration/all/gems/activesupport-5.2.2.1/lib/active_support/core_ext/object/json.rb:41:in `to_json'
App 7518 output:        /usr/lib/ruby/vendor_ruby/debci/api.rb:252:in `block (2 levels) in <class:API>'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1635:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1635:in `block in compile!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:992:in `block (3 levels) in route!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1011:in `route_eval'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:992:in `block (2 levels) in route!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1040:in `block in process_route'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1038:in `catch'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1038:in `process_route'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:990:in `block in route!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:989:in `each'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:989:in `route!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1097:in `block in dispatch!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1076:in `block in invoke'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1076:in `catch'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1076:in `invoke'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1094:in `dispatch!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:924:in `block in call!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1076:in `block in invoke'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1076:in `catch'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1076:in `invoke'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:924:in `call!'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:913:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/protection/xss_header.rb:18:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/protection/path_traversal.rb:16:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/protection/json_csrf.rb:26:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/protection/base.rb:50:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/protection/base.rb:50:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/protection/frame_options.rb:31:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/null_logger.rb:9:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/head.rb:12:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:194:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1957:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1502:in `block in call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1729:in `synchronize'
App 7518 output:        /usr/lib/ruby/vendor_ruby/sinatra/base.rb:1502:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/urlmap.rb:68:in `block in call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/urlmap.rb:53:in `each'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/urlmap.rb:53:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/rack/builder.rb:153:in `call'
App 7518 output:        /usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'
App 7518 output:        /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:149:in `accept_and_process_next_request'
App 7518 output:        /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:110:in `main_loop'
App 7518 output:        /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler.rb:415:in `block (3 levels) in start_threads'
App 7518 output:        /usr/lib/ruby/vendor_ruby/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'

-- 
Raphaël Hertzog ◈ Offensive Security ◈ Kali Linux Developer
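
One way a backport can choose the `safe_load` call form that the installed Psych supports, added here as an example (it is not the code from the Debian update or from Rails). `LegacyPsych`, `keyword_safe_load?`, `compat_safe_load`, `reproduce_regression` and `rejected?` are hypothetical names, and the stub's positional signature is an assumption about the Psych shipped with Ruby 2.5.

```ruby
require "yaml"

# Does this loader's safe_load take the keyword options that the updated
# yaml_column.rb passes (permitted_classes:, aliases:)?
def keyword_safe_load?(loader)
  loader.method(:safe_load).parameters.include?([:key, :permitted_classes])
end

# Call safe_load in whichever form the loader supports.
def compat_safe_load(loader, yaml, permitted_classes: [], aliases: false)
  if keyword_safe_load?(loader)
    loader.safe_load(yaml, permitted_classes: permitted_classes, aliases: aliases)
  else
    # Older positional form: (yaml, classes, symbols, aliases)
    loader.safe_load(yaml, permitted_classes, [], aliases)
  end
end

# Constructed stand-in with the positional signature assumed for the Psych
# of Ruby 2.5; it parses by delegating to the real Psych.
module LegacyPsych
  def self.safe_load(yaml, whitelist_classes = [], whitelist_symbols = [],
                     aliases = false, filename = nil, symbolize_names: false)
    compat_safe_load(Psych, yaml, permitted_classes: whitelist_classes, aliases: aliases)
  end
end

# Calling the keyword form against the old signature fails as in the log.
def reproduce_regression
  LegacyPsych.safe_load("--- 1\n", permitted_classes: [], aliases: true)
  nil
rescue ArgumentError => e
  e.message
end

# True when safe_load still refuses a class that was not permitted.
def rejected?(loader, yaml)
  compat_safe_load(loader, yaml)
  false
rescue Psych::DisallowedClass
  true
end

SAMPLE = "--- :ok\n" # constructed input: a YAML-encoded Symbol

if $PROGRAM_NAME == __FILE__
  puts reproduce_regression
  p compat_safe_load(LegacyPsych, SAMPLE, permitted_classes: [Symbol])
  p rejected?(LegacyPsych, SAMPLE)
end
```

Both call forms keep the restriction the security update was after: a class that is not listed is still refused, whichever signature is in use.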


