Bug#1022034: policyd-rate-limit: Uses deprecated yaml.load

[Gordon Ball]

Source: policyd-rate-limit
Version: 1.0.1.1-2.1
Severity: normal
X-Debbugs-Cc: gor...@chronitis.net

We hope to upgrade python3-yaml (aka pyyaml) to version 6 before the
freeze, per #1008262

Your package appears to use `yaml.load()` without specifying a `Loader=`
argument, which will become an error in pyyaml version 6. This should
have emitted a warning message since version 5.1 (from 2019).

In most cases this can be fixed by replacing `yaml.load` with
`yaml.safe_load`, unless the ability for yaml to create arbitrary python
objects is desirable.


Found in
https://sources.debian.org/src/policyd-rate-limit/1.0.1.1-2.1/policyd_rate_limit/utils.py/?hl=88#L88
for loading yaml-format config files (and in tests)


-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-1-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

[Henrik Riomar]

Seems this was not fixed in time for Debian 12, and now it fails to start on Debian12:

Jul 31 18:42:12 mailserv policyd-rate-limit[565]: Traceback (most recent call last):
Jul 31 18:42:12 mailserv policyd-rate-limit[565]:   File "/usr/bin/policyd-rate-limit", line 36, in <module>
Jul 31 18:42:12 mailserv policyd-rate-limit[565]:     config.setup()
Jul 31 18:42:12 mailserv policyd-rate-limit[565]:   File "/usr/lib/python3/dist-packages/policyd_rate_limit/utils.py", line 144, in setup
Jul 31 18:42:12 mailserv policyd-rate-limit[565]:     self._config = Config(config_file)
Jul 31 18:42:12 mailserv policyd-rate-limit[565]:                    ^^^^^^^^^^^^^^^^^^^
Jul 31 18:42:12 mailserv policyd-rate-limit[565]:   File "/usr/lib/python3/dist-packages/policyd_rate_limit/utils.py", line 88, in __init__
Jul 31 18:42:12 mailserv policyd-rate-limit[565]:     self._config = yaml.load(f)
Jul 31 18:42:12 mailserv policyd-rate-limit[565]:                    ^^^^^^^^^^^^
Jul 31 18:42:12 mailserv policyd-rate-limit[565]: TypeError: load() missing 1 required positional argument: 'Loader'
Jul 31 18:42:12 mailserv systemd[1]: policyd-rate-limit.service: Main process exited, code=exited, status=1/FAILURE

Upstream fix commit:

https://github.com/nitmir/policyd-rate-limit/commit/6c155a633bf5e9986304b1ca009a4716846e66f9

Upstream bug report:

https://github.com/nitmir/policyd-rate-limit/issues/15

[Fabio]

Package: policyd-rate-limit
Version: 1.0.1.1-2.1
Followup-For: Bug #1022034

Dear Maintainer,

seems that utils.py use an old syntax, I've applied this patch:

88c88
< self._config = yaml.load(f)
---
> self._config = yaml.load(f, Loader=yaml.SafeLoader)

to the file:

usr/lib/python3/dist-packages/policyd_rate_limit/utils.py

Still testing but seems resolved.

-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages policyd-rate-limit depends on:
ii adduser 3.134
ii init-system-helpers 1.65.2
ii python3 3.11.2-1+b1
ii python3-yaml 6.0-3+b2

policyd-rate-limit recommends no packages.

Versions of packages policyd-rate-limit suggests:
pn python3-mysqldb <none>
ii python3-psycopg2 2.9.5-1+b1

-- no debconf information