[DRE-maint] Bug#1029726: ruby-cfpropertylist: Injects Enumerable::Enumerator into global namespace, breaks unrelated software
Jakob Haufe
sur5r at debian.org
Thu Jan 26 18:36:47 GMT 2023
Package: ruby-cfpropertylist
Version: 2.2.8-1.1
Severity: serious
Tags: patch upstream
Justification: Breaks unrelated software
While the infamous "Showing diffs returns 500" problem on Debian
packaged gitlab, it was noticed that the current version of
ruby-cfpropertylist in Debian injects an Enumerable::Enumerator class
into the global namespace, thus breaking unrelated software.
It can be reproduced by:
require 'cfpropertylist'
class FakeParser
include Enumerable
def parse()
Enumerator.new { |x| x << :hi }
end
end
FakeParser.new.parse.to_a
This has been fixed upstream in [1].
I would like to prepare an NMU containing:
- the unreleased changes available on salsa
- cherry-picking the fix from upstream
[1] https://github.com/ckruse/CFPropertyList/commit/c450984de42ded990a9edd30ce9d7ee0e5e0b103
-- System Information:
Debian Release: bookworm/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (400, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.0.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ruby-cfpropertylist depends on:
ii ruby 1:3.1
ruby-cfpropertylist recommends no packages.
ruby-cfpropertylist suggests no packages.
-- no debconf information
More information about the Pkg-ruby-extras-maintainers
mailing list