diff --git a/joblib-0.13.2.tar.gz b/joblib-0.13.2.tar.gz deleted file mode 100644 index 4f7650a..0000000 --- a/joblib-0.13.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:315d6b19643ec4afd4c41c671f9f2d65ea9d787da093487a81ead7b0bac94524 -size 287438 diff --git a/joblib-0.14.1.tar.gz b/joblib-0.14.1.tar.gz new file mode 100644 index 0000000..e556ace --- /dev/null +++ b/joblib-0.14.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0630eea4f5664c463f23fbf5dcfc54a2bc6168902719fa8e19daf033022786c8 +size 299621 diff --git a/numpy16.patch b/numpy16.patch deleted file mode 100644 index f8b0b95..0000000 --- a/numpy16.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 0f1f647a8e2310a2291ea9ffab8c8336fc01f2c7 Mon Sep 17 00:00:00 2001 -From: Olivier Grisel -Date: Wed, 29 May 2019 15:52:38 +0200 -Subject: [PATCH] DOC emphasize security sensitivity of joblib.load (#879) - ---- - joblib/numpy_pickle.py | 4 ++++ - joblib/numpy_pickle_compat.py | 14 +++++++++++--- - 4 files changed, 44 insertions(+), 3 deletions(-) - -diff --git a/joblib/numpy_pickle.py b/joblib/numpy_pickle.py -index bae0df31..bd807db2 100644 ---- a/joblib/numpy_pickle.py -+++ b/joblib/numpy_pickle.py -@@ -550,6 +550,10 @@ def load(filename, mmap_mode=None): - - Read more in the :ref:`User Guide `. - -+ WARNING: joblib.load relies on the pickle module and can therefore -+ execute arbitrary Python code. It should therefore never be used -+ to load files from untrusted sources. -+ - Parameters - ----------- - filename: str, pathlib.Path, or file object. -diff --git a/joblib/numpy_pickle_compat.py b/joblib/numpy_pickle_compat.py -index ba8ab827..d1532415 100644 ---- a/joblib/numpy_pickle_compat.py -+++ b/joblib/numpy_pickle_compat.py -@@ -3,6 +3,8 @@ - import pickle - import os - import zlib -+import inspect -+ - from io import BytesIO - - from ._compat import PY3_OR_LATER -@@ -96,9 +98,15 @@ def read(self, unpickler): - # use getattr instead of self.allow_mmap to ensure backward compat - # with NDArrayWrapper instances pickled with joblib < 0.9.0 - allow_mmap = getattr(self, 'allow_mmap', True) -- memmap_kwargs = ({} if not allow_mmap -- else {'mmap_mode': unpickler.mmap_mode}) -- array = unpickler.np.load(filename, **memmap_kwargs) -+ kwargs = {} -+ if allow_mmap: -+ kwargs['mmap_mode'] = unpickler.mmap_mode -+ if "allow_pickle" in inspect.signature(unpickler.np.load).parameters: -+ # Required in numpy 1.16.3 and later to aknowledge the security -+ # risk. -+ kwargs["allow_pickle"] = True -+ array = unpickler.np.load(filename, **kwargs) -+ - # Reconstruct subclasses. This does not work with old - # versions of numpy - if (hasattr(array, '__array_prepare__') and diff --git a/python-joblib.changes b/python-joblib.changes index 43410e6..bc9b84c 100644 --- a/python-joblib.changes +++ b/python-joblib.changes @@ -1,3 +1,57 @@ +------------------------------------------------------------------- +Thu Mar 5 13:33:14 UTC 2020 - pgajdos@suse.com + +- version update to 0.14.1 + - Configure the loky workers' environment to mitigate oversubsription with + nested multi-threaded code in the following case: + - allow for a suitable number of threads for numba (``NUMBA_NUM_THREADS``); + - enable Interprocess Communication for scheduler coordination when the + nested code uses Threading Building Blocks (TBB) (``ENABLE_IPC=1``) + https://github.com/joblib/joblib/pull/951 + - Fix a regression where the loky backend was not reusing previously + spawned workers. + https://github.com/joblib/joblib/pull/968 + - Revert https://github.com/joblib/joblib/pull/847 to avoid using + `pkg_resources` that introduced a performance regression under Windows: + https://github.com/joblib/joblib/issues/965 + - Improved the load balancing between workers to avoid stranglers caused by an + excessively large batch size when the task duration is varying significantly + (because of the combined use of ``joblib.Parallel`` and ``joblib.Memory`` + with a partially warmed cache for instance). + https://github.com/joblib/joblib/pull/899 + - Add official support for Python 3.8: fixed protocol number in `Hasher` + and updated tests. + - Fix a deadlock when using the dask backend (when scattering large numpy + arrays). + https://github.com/joblib/joblib/pull/914 + - Warn users that they should never use `joblib.load` with files from + untrusted sources. Fix security related API change introduced in numpy + 1.6.3 that would prevent using joblib with recent numpy versions. + https://github.com/joblib/joblib/pull/879 + - Upgrade to cloudpickle 1.1.1 that add supports for the upcoming + Python 3.8 release among other things. + https://github.com/joblib/joblib/pull/878 + - Fix semaphore availability checker to avoid spawning resource trackers + on module import. + https://github.com/joblib/joblib/pull/893 + - Fix the oversubscription protection to only protect against nested + `Parallel` calls. This allows `joblib` to be run in background threads. + https://github.com/joblib/joblib/pull/934 + - Fix `ValueError` (negative dimensions) when pickling large numpy arrays on + Windows. + https://github.com/joblib/joblib/pull/920 + - Upgrade to loky 2.6.0 that add supports for the setting environment variables + in child before loading any module. + https://github.com/joblib/joblib/pull/940 + - Fix the oversubscription protection for native libraries using threadpools + (OpenBLAS, MKL, Blis and OpenMP runtimes). + The maximal number of threads is can now be set in children using the + ``inner_max_num_threads`` in ``parallel_backend``. It defaults to + ``cpu_count() // n_jobs``. + https://github.com/joblib/joblib/pull/940 +- deleted patches + - numpy16.patch (upstreamed) + ------------------------------------------------------------------- Tue May 28 10:34:57 UTC 2019 - Tomáš Chvátal diff --git a/python-joblib.spec b/python-joblib.spec index 77bf470..4dcc281 100644 --- a/python-joblib.spec +++ b/python-joblib.spec @@ -1,7 +1,7 @@ # # spec file for package python-joblib # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,14 +18,13 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-joblib -Version: 0.13.2 +Version: 0.14.1 Release: 0 Summary: Module for using Python functions as pipeline jobs License: BSD-3-Clause Group: Development/Languages/Python URL: https://github.com/joblib/joblib Source: https://files.pythonhosted.org/packages/source/j/joblib/joblib-%{version}.tar.gz -Patch0: numpy16.patch BuildRequires: %{python_module lz4} BuildRequires: %{python_module numpy} BuildRequires: %{python_module psutil} @@ -33,6 +32,7 @@ BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros +BuildRequires: python3-threadpoolctl Requires: python-lz4 Recommends: python-numpy Recommends: python-psutil @@ -54,7 +54,6 @@ Joblib can handle large data and has specific optimizations for `numpy` arrays. %prep %setup -q -n joblib-%{version} -%patch0 -p1 %build %python_build