diff -Nru ruby-asset-sync-2.11.0/debian/changelog ruby-asset-sync-2.11.0/debian/changelog --- ruby-asset-sync-2.11.0/debian/changelog 2020-09-12 19:17:54.000000000 +0000 +++ ruby-asset-sync-2.11.0/debian/changelog 2022-10-15 08:32:32.000000000 +0000 @@ -1,3 +1,11 @@ +ruby-asset-sync (2.11.0-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Add upstream fix to u se YAML.unsafe_load to support Psych v4. + (Closes: #1019611) + + -- Adrian Bunk Sat, 15 Oct 2022 11:32:32 +0300 + ruby-asset-sync (2.11.0-1) unstable; urgency=medium * Team Upload. diff -Nru ruby-asset-sync-2.11.0/debian/patches/0001-Use-YAML.unsafe_load-to-support-Psych-v4.patch ruby-asset-sync-2.11.0/debian/patches/0001-Use-YAML.unsafe_load-to-support-Psych-v4.patch --- ruby-asset-sync-2.11.0/debian/patches/0001-Use-YAML.unsafe_load-to-support-Psych-v4.patch 1970-01-01 00:00:00.000000000 +0000 +++ ruby-asset-sync-2.11.0/debian/patches/0001-Use-YAML.unsafe_load-to-support-Psych-v4.patch 2022-10-06 22:59:53.000000000 +0000 @@ -0,0 +1,73 @@ +From 4eb59cebba239f2c97fd042ff6a22306e5a14c5c Mon Sep 17 00:00:00 2001 +From: fukayatsu +Date: Mon, 22 Nov 2021 16:32:01 +0900 +Subject: Use YAML.unsafe_load to support Psych v4 + +--- + lib/asset_sync/asset_sync.rb | 10 ++++++++++ + lib/asset_sync/config.rb | 3 +-- + lib/asset_sync/storage.rb | 2 +- + 3 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/lib/asset_sync/asset_sync.rb b/lib/asset_sync/asset_sync.rb +index 4969727..416d769 100644 +--- a/lib/asset_sync/asset_sync.rb ++++ b/lib/asset_sync/asset_sync.rb +@@ -1,3 +1,5 @@ ++require "yaml" ++ + module AssetSync + + class << self +@@ -60,6 +62,14 @@ module AssetSync + stdout.puts msg unless config.log_silently? + end + ++ def load_yaml(yaml) ++ if YAML.respond_to?(:unsafe_load) ++ YAML.unsafe_load(yaml) ++ else ++ YAML.load(yaml) ++ end ++ end ++ + def enabled? + config.enabled? + end +diff --git a/lib/asset_sync/config.rb b/lib/asset_sync/config.rb +index 3620bd8..7b883ff 100644 +--- a/lib/asset_sync/config.rb ++++ b/lib/asset_sync/config.rb +@@ -2,7 +2,6 @@ + + require "active_model" + require "erb" +-require "yaml" + + module AssetSync + class Config +@@ -184,7 +183,7 @@ module AssetSync + end + + def yml +- @yml ||= ::YAML.load(::ERB.new(IO.read(yml_path)).result)[::Rails.env] || {} ++ @yml ||= ::AssetSync.load_yaml(::ERB.new(IO.read(yml_path)).result)[::Rails.env] || {} + end + + def yml_path +diff --git a/lib/asset_sync/storage.rb b/lib/asset_sync/storage.rb +index 2a34f6a..f9dfa73 100644 +--- a/lib/asset_sync/storage.rb ++++ b/lib/asset_sync/storage.rb +@@ -117,7 +117,7 @@ module AssetSync + return manifest.assets.values.map { |f| File.join(self.config.assets_prefix, f) } + elsif File.exist?(self.config.manifest_path) + log "Using: Manifest #{self.config.manifest_path}" +- yml = YAML.load(IO.read(self.config.manifest_path)) ++ yml = AssetSync.load_yaml(IO.read(self.config.manifest_path)) + + return yml.map do |original, compiled| + # Upload font originals and compiled +-- +2.30.2 + diff -Nru ruby-asset-sync-2.11.0/debian/patches/series ruby-asset-sync-2.11.0/debian/patches/series --- ruby-asset-sync-2.11.0/debian/patches/series 2020-09-12 19:17:54.000000000 +0000 +++ ruby-asset-sync-2.11.0/debian/patches/series 2022-10-15 08:32:28.000000000 +0000 @@ -1,2 +1,3 @@ remove-rubygems-bundler.patch disable-aws-tests.patch +0001-Use-YAML.unsafe_load-to-support-Psych-v4.patch