Bug #19629: Fix for CVE-2023-28755 breaks "puppet apply" run
Status: closed
Description
(Not necessarily a bug in Ruby - chances are I should have formatted my Puppet file URIs differently from the get-go.)
However, since yesterday I'm getting these errors when running puppet apply:
Could not evaluate: Could not retrieve file metadata for puppet:///modules/unattended_upgrades/etc/apt/apt.conf.d/50unattended-upgrades: Failed to open TCP connection to :8140 (Connection refused - connect(2) for "" port 8140)
I think the reason this happens now in an otherwise completely unchanged environment is that on my Ubuntu system, a new ruby2.7 package has been installed, due to CVE-2023-28755. See http://changelogs.ubuntu.com/changelogs/pool/main/r/ruby2.7/ruby2.7_2.7.0-5ubuntu1.9/changelog for the backport info.
The patch info (URI.parse should set empty string in host instead of nil in lib/uri/rfc3986_parser.rb, raise ArgumentError with empty host url again in lib/net/http/generic_request.rb.) sounds exactly like the reason I'm suddenly running into this error: puppet:///modules/unattended_upgrades/etc/apt/apt.conf.d/50unattended-upgrades is a URI with an empty hostname - or is it? It's actually meant to refer to a local file, not a file on remote host ""; however, this is how it now seems to be interpreted: protocol puppet, hostname "" (empty), path /modules/unattended_upgrades...

Because the patched code now returns "" for the hostname instead of nil, it tries to do a hostname lookup for "", which of course fails.
Not sure if this is an intended consequence of the patch in this specific context, which is why I'm reporting it.
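Added example, not code from the bug report, from Ruby or from Puppet: it parses the puppet:///modules/... source from the report and shows why a consumer that builds its connection target straight from uri.host ends up dialling ":8140" whether the host comes back as nil or as "", next to a check that treats both as "no host, local file". The server name puppetserver.example.test and the :local/:remote result shapes are constructed for the example.

```ruby
require 'uri'

# Sample source URIs, constructed for this example: the first is the
# local-module form from the report, the second names a (made-up) server.
LOCAL_SOURCE  = 'puppet:///modules/unattended_upgrades/etc/apt/apt.conf.d/50unattended-upgrades'
REMOTE_SOURCE = 'puppet://puppetserver.example.test:8140/modules/unattended_upgrades/etc/apt/apt.conf.d/50unattended-upgrades'

# Naive consumer: builds the connection target directly from uri.host.
# Whether host is nil (old Ruby) or "" (Ruby with the CVE-2023-28755 fix),
# string interpolation yields ":8140", the endpoint in the report's
# "Failed to open TCP connection to :8140" error. There is no server to dial.
def naive_endpoint(source, default_port = 8140)
  uri = URI.parse(source)
  "#{uri.host}:#{uri.port || default_port}"
end

# Tolerant consumer: decides "local or remote" from the authority part and
# does not care whether an absent host surfaces as nil or as "".
def puppet_file_source(source, default_port = 8140)
  uri = URI.parse(source)
  host = uri.host.to_s # nil and "" both normalise to ""
  if host.empty?
    # puppet:///modules/... : serve from the local module path, no TCP at all
    { kind: :local, path: uri.path }
  else
    { kind: :remote, host: host, port: uri.port || default_port, path: uri.path }
  end
end

if __FILE__ == $0
  puts naive_endpoint(LOCAL_SOURCE) # ":8140"
  p puppet_file_source(LOCAL_SOURCE)
  p puppet_file_source(REMOTE_SOURCE)
end
```

The classification works the same on a Ruby that still returns nil for the host, so a consumer written this way is not affected by the backport either way.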