ruby 1.9.3.484-2ubuntu1.8 throws gem warning

Bug #1763414 reported by Matthias Baur
Affects: ruby1.9.1 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

After upgrading the ruby1.9.1 package to 1.9.3.484-2ubuntu1.8 gem throws the following warning:

root@mbaur-gems-test:/# gem list
YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0).

*** LOCAL GEMS ***

root@mbaur-gems-test:/#

OS: Ubuntu 14.04.5

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Matthias,
so with 1.9.3.484-2ubuntu1.7 before this did not happen?

I can confirm the issue in a trusty container.

If I go back to the released version:
$ apt-get install ruby1.9.1=1.9.3.484-2ubuntu1 libruby1.9.1=1.9.3.484-2ubuntu1

things are ok again.

Although it is "only" a warning.
My gems are still listed.

Old:
# gem list
*** LOCAL GEMS ***

hello (0.0.1)

New:
# gem list
YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0).

*** LOCAL GEMS ***

hello (0.0.1)

ruby-psych is only available in much later releases.
This might be an issue of the latest security fixes.
Especially this might be related:
   * SECURITY UPDATE: Deserialization untrusted data
     - debian/patches/CVE-2018-1000074*.patch fix in
       lib/rubygems/commands/owner_command.rb,
       test/rubygems/test_gem_commands_owner_command.rb.
     - CVE-2018-1000074

I'm marking as an upgrade-regression and subscribe Leo who did the fix.

tags: added: regression-update
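To show what the check behind that warning gates, here is an added example (not code from the Ubuntu package or from rubygems itself): it probes whether the installed psych offers safe loading and, if so, uses it to refuse a constructed YAML document that carries a `!ruby/object` tag. The helper names `safe_loading_available?`, `load_untrusted` and `rejects_object_tag?` and the two sample documents are mine; it calls `Psych.safe_load` only with its default arguments, so it runs on psych 2.0 and later.

```ruby
require 'yaml' # loads psych, the YAML backend the warning refers to

# The warning on this page is rubygems' way of saying this gate is closed.
def safe_loading_available?
  Psych.respond_to?(:safe_load) &&
    Gem::Version.new(Psych::VERSION) >= Gem::Version.new('2.0')
end

# Constructed sample input: a plain metadata-like document, and a document
# that asks the loader to instantiate an arbitrary Ruby object (the harmless
# OpenStruct stands in for any class name an attacker might name).
PLAIN_DOC  = "---\nname: hello\nversion: 0.0.1\n"
OBJECT_DOC = "--- !ruby/object:OpenStruct\ntable: {}\n"

# Load YAML that did not come from a trusted source. With psych >= 2.0,
# safe_load builds only core types (Hash, Array, String, Integer, ...) and
# raises Psych::DisallowedClass for anything else. With older psych only the
# full loader exists, so the caller gets the same warning rubygems prints and
# the document is loaded with object instantiation enabled.
def load_untrusted(yaml)
  unless safe_loading_available?
    warn 'YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0).'
    return Psych.load(yaml)
  end
  Psych.safe_load(yaml)
end

# True when the safe loader refuses a document because of its class tag.
def rejects_object_tag?(yaml)
  load_untrusted(yaml)
  false
rescue Psych::DisallowedClass
  true
end

if __FILE__ == $PROGRAM_NAME
  p load_untrusted(PLAIN_DOC)       # {"name"=>"hello", "version"=>"0.0.1"}
  p rejects_object_tag?(OBJECT_DOC) # true
end
```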
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

@Leo - could you check if the last security update you did regressed this and if so if you could improve/reroll parts of it?

tags: added: trusty
Revision history for this message
Matthias Baur (matthiasbaur) wrote :

Hi Christian,

no this didn't happen with 1.9.3.484-2ubuntu1.7:

(Forgive me the ugly installation method, I had to get those packages from our snapshotted mirror)

root@mbaur-gem-test:~# dpkg -i ruby_1.9.3.4_all.deb ruby1.9.1_1.9.3.484-2ubuntu1.7_amd64.deb libruby1.9.1_1.9.3.484-2ubuntu1.7_amd64.deb libyaml-0-2_0.1.7-2ubuntu3_amd64.deb
(Reading database ... 27431 files and directories currently installed.)
Preparing to unpack ruby_1.9.3.4_all.deb ...
Unpacking ruby (1:1.9.3.4) over (1:1.9.3.4) ...
Preparing to unpack ruby1.9.1_1.9.3.484-2ubuntu1.7_amd64.deb ...
Unpacking ruby1.9.1 (1.9.3.484-2ubuntu1.7) over (1.9.3.484-2ubuntu1.7) ...
Preparing to unpack libruby1.9.1_1.9.3.484-2ubuntu1.7_amd64.deb ...
Unpacking libruby1.9.1 (1.9.3.484-2ubuntu1.7) over (1.9.3.484-2ubuntu1.7) ...
Selecting previously unselected package libyaml-0-2:amd64.
Preparing to unpack libyaml-0-2_0.1.7-2ubuntu3_amd64.deb ...
Unpacking libyaml-0-2:amd64 (0.1.7-2ubuntu3) ...
Setting up libyaml-0-2:amd64 (0.1.7-2ubuntu3) ...
Setting up ruby (1:1.9.3.4) ...
Setting up ruby1.9.1 (1.9.3.484-2ubuntu1.7) ...
Setting up libruby1.9.1 (1.9.3.484-2ubuntu1.7) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Processing triggers for libc-bin (2.19-0ubuntu6.14) ...
root@mbaur-gem-test:~# gem list

*** LOCAL GEMS ***

root@mbaur-gem-test:~#

Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

Yes, it was caused by my update.
I'm preparing a regression update as soon as possible.

Thanks!

Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

New version fixing the regression is available
https://usn.ubuntu.com/3621-2/

Revision history for this message
Matthias Baur (matthiasbaur) wrote :

I can confirm that this fixes the mentioned issue. Thanks for your quick response!

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Ok, marking this as fix released.

Changed in ruby1.9.1 (Ubuntu):
status: New → Fix Released