Bug 698668 - dev-ros/* packages still use unsafe/disabled yaml.load
Summary: dev-ros/* packages still use unsafe/disabled yaml.load
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Robot Operating System team
Blocks: unsafe-pyyaml
Reported: 2019-10-27 16:13 UTC by Victor Mataré
Modified: 2020-08-06 10:33 UTC
Description Victor Mataré 2019-10-27 16:13:06 UTC
I've heroically taken it upon myself to report these upstream and I'm gathering them here to hopefully increase pressure. Please, someone give them a little nudge if they don't get up and fix it.

dev-ros/rosparam:
https://github.com/ros/ros_comm/issues/1833

dev-ros/xacro:
https://github.com/ros/xacro/issues/228

dev-ros/tf:
https://github.com/ros/geometry/issues/197

dev-ros/rqt_reconfigure:
https://github.com/ros-visualization/rqt_reconfigure/issues/61

dev-python/rospkg:
https://github.com/ros-infrastructure/rospkg/issues/180

dev-python/vcstools:
https://github.com/vcstools/vcstools/issues/158


These are only the ones I'm currently using, so I suspect there are more...

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2019-12-12 12:31:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=261ed5706839c0dc17c81140ff7807e2af3ba053

commit 261ed5706839c0dc17c81140ff7807e2af3ba053
Author:     Alexis Ballier <aballier@gentoo.org>
AuthorDate: 2019-12-12 12:20:44 +0000
Commit:     Alexis Ballier <aballier@gentoo.org>
CommitDate: 2019-12-12 12:30:58 +0000

    dev-ros/rosparam: fix yaml.load usage
    
    Bug: https://bugs.gentoo.org/698668
    Package-Manager: Portage-2.3.81, Repoman-2.3.20
    Signed-off-by: Alexis Ballier <aballier@gentoo.org>

 dev-ros/rosparam/files/yaml.patch                  | 22 ++++++++++++++++++++++
 ...ram-1.14.3.ebuild => rosparam-1.14.3-r1.ebuild} |  1 +
 2 files changed, 23 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19d8681750ee6c2c6933e031ffed1d10cc4b9cf3

commit 19d8681750ee6c2c6933e031ffed1d10cc4b9cf3
Author:     Alexis Ballier <aballier@gentoo.org>
AuthorDate: 2019-12-12 12:13:38 +0000
Commit:     Alexis Ballier <aballier@gentoo.org>
CommitDate: 2019-12-12 12:30:58 +0000

    dev-python/vcstools: fix usage of yaml.load
    
    Bug: https://bugs.gentoo.org/698668
    Package-Manager: Portage-2.3.81, Repoman-2.3.20
    Signed-off-by: Alexis Ballier <aballier@gentoo.org>

 dev-python/vcstools/files/yaml.patch       | 25 +++++++++++++++++++++++++
 dev-python/vcstools/vcstools-0.1.42.ebuild |  7 ++++---
 2 files changed, 29 insertions(+), 3 deletions(-)
Comment 2 Alexis Ballier gentoo-dev 2020-08-06 10:33:55 UTC
Most, if not all, of those should be fixed these days.

Please open bugs for each package you still encounter.