[DRE-maint] Bug#1050867: support for YAML aliases broken by switch from safe_yaml to Psych

Sébastien Villemot sebastien at debian.org
Wed Aug 30 15:05:07 BST 2023


Package: jekyll
Version: 4.3.1+dfsg-2
Severity: normal
Tags: patch

Dear Maintainers,

In jekyll 4.3.1+dfsg-1, a Debian-specific patch was added to rely on Psych
instead of safe_yaml for reading YAML files (see #1026427).

This change has however broken support for YAML aliases. More precisely, I’m no
longer able to use the minimal-mistakes theme, because this theme triggers the
parsing of the following YAML file:
 https://github.com/mmistakes/minimal-mistakes/blob/master/_data/ui-text.yml

This YAML file has aliases (symbol names starting with an ampersand), which are
not supported by the Psych.safe_load() method with its default arguments. I
thus get this error message (truncated trace):

/usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:430:in `visit_Psych_Nodes_Alias': Unknown alias: DEFAULT_EN (Psych::BadAlias)
	from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
	from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `each'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `each_slice'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `revive_hash'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
	from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
	from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:345:in `block in revive_hash'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `each'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `each_slice'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:343:in `revive_hash'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:167:in `visit_Psych_Nodes_Mapping'
	from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
	from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document'
	from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit'
	from /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept'
	from /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept'
	from /usr/lib/ruby/3.1.0/psych.rb:335:in `safe_load'
	from /usr/share/rubygems-integration/all/gems/jekyll-4.3.1/lib/jekyll/utils.rb:321:in `safe_load_yaml'
	from /usr/share/rubygems-integration/all/gems/jekyll-4.3.1/lib/jekyll/utils.rb:330:in `safe_load_yaml_file'
[…]

An easy fix is to explicitly allow aliases. I attach a patch (which must be
applied on top of 0016-Drop-usage-of-safe_yaml.patch).

Thanks for your work,

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀  https://www.debian.org
-------------- next part --------------
--- /usr/share/rubygems-integration/all/gems/jekyll-4.3.1/lib/jekyll/utils.rb	2023-04-16 23:35:56.000000000 +0200
+++ utils.rb	2023-08-30 15:56:26.028936881 +0200
@@ -318,7 +318,7 @@
 
     # Safely load YAML strings
     def safe_load_yaml(yaml)
-      Psych.safe_load(yaml, :permitted_classes => [Date, Time])
+      Psych.safe_load(yaml, :permitted_classes => [Date, Time], aliases: true)
     rescue ArgumentError
       # Psych versions < 3.1 had a different safe_load API and used
       # problematic language.


More information about the Pkg-ruby-extras-maintainers mailing list