diff --git a/joblib-1.1.0.tar.gz b/joblib-1.1.0.tar.gz
deleted file mode 100644
index 220a876..0000000
--- a/joblib-1.1.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4158fcecd13733f8be669be0683b96ebdbbd38d23559f54dca7205aea1bf1e35
-size 2063601
diff --git a/joblib-1.2.0.tar.gz b/joblib-1.2.0.tar.gz
new file mode 100644
index 0000000..a29691a
--- /dev/null
+++ b/joblib-1.2.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e1cee4a79e4af22881164f218d4311f60074197fb707e082e803b61f6d137018
+size 313200
diff --git a/python-joblib.changes b/python-joblib.changes
index 90e9e6a..c9cf0eb 100644
--- a/python-joblib.changes
+++ b/python-joblib.changes
@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Tue Oct 11 13:20:33 UTC 2022 - Ben Greiner
+
+- Update to 1.2.0 (CVE-2022-21797, bsc#1204232)
+ * Fix a security issue where eval(pre_dispatch) could potentially
+ run arbitrary code. Now only basic numerics are supported.
+ #1327
+ * Make sure that joblib works even when multiprocessing is not
+ available, for instance with Pyodide #1256
+ * Avoid unnecessary warnings when workers and main process delete
+ the temporary memmap folder contents concurrently. #1263
+ * Vendor loky 3.1.0 with several fixes to more robustly forcibly
+ terminate worker processes in case of a crash. #1269
+ * Fix memory alignment bug for pickles containing numpy arrays.
+ This is especially important when loading the pickle with
+ mmap_mode != None as the resulting numpy.memmap object would
+ not be able to correct the misalignment without performing a
+ memory copy. This bug would cause invalid computation and
+ segmentation faults with native code that would directly access
+ the underlying data buffer of a numpy array, for instance
+ C/C++/Cython code compiled with older GCC versions or some old
+ OpenBLAS written in platform specific assembly. #1254
+ * Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.
+ * Vendor loky 3.3.0 which fixes a bug with leaking processes in
+ case of nested loky parallel calls and more reliability spawn
+ the correct number of reusable workers.
+- Drop support-setuptools-62.patch
+
 -------------------------------------------------------------------
 Wed Jul 20 11:00:18 UTC 2022 - Steve Kowalik
 
diff --git a/python-joblib.spec b/python-joblib.spec
index 95a5c73..373dc4d 100644
--- a/python-joblib.spec
+++ b/python-joblib.spec
@@ -16,16 +16,14 @@
 #
 
 
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
-%global skip_python2 1
 Name: python-joblib
-Version: 1.1.0
+Version: 1.2.0
 Release: 0
 Summary: Module for using Python functions as pipeline jobs
 License: BSD-3-Clause
 URL: https://github.com/joblib/joblib
 Source: https://files.pythonhosted.org/packages/source/j/joblib/joblib-%{version}.tar.gz
-Patch0: support-setuptools-62.patch
+BuildRequires: %{python_module base >= 3.7}
 BuildRequires: %{python_module lz4}
 BuildRequires: %{python_module numpy}
 BuildRequires: %{python_module psutil}
@@ -111,7 +109,7 @@ fi
 %files %{python_files}
 %license LICENSE.txt
 %doc README.rst
-%{python_sitelib}/joblib-%{version}-py*.egg-info
+%{python_sitelib}/joblib-%{version}*-info
 %{python_sitelib}/joblib/
 
 %changelog
diff --git a/support-setuptools-62.patch b/support-setuptools-62.patch
deleted file mode 100644
index cf80b60..0000000
--- a/support-setuptools-62.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: joblib-1.1.0/joblib/test/test_numpy_pickle.py
-===================================================================
---- joblib-1.1.0.orig/joblib/test/test_numpy_pickle.py
-+++ joblib-1.1.0/joblib/test/test_numpy_pickle.py
-@@ -279,7 +279,7 @@ def test_compress_mmap_mode_warning(tmpd
- numpy_pickle.dump(a, this_filename, compress=1)
- with warns(UserWarning) as warninfo:
- numpy_pickle.load(this_filename, mmap_mode='r+')
-- assert len(warninfo) == 1
-+ assert len(warninfo) >= 1
- assert (str(warninfo[0].message) ==
- 'mmap_mode "%(mmap_mode)s" is not compatible with compressed '
- 'file %(filename)s. "%(mmap_mode)s" flag will be ignored.' %
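Review bot: The removed `Patch0: support-setuptools-62.patch` line in the first python-joblib.spec hunk drops the test relaxation (`assert len(warninfo) >= 1`) without the package recording why; the changelog entry only says the patch is dropped. If 1.2.0 already carries that change upstream, say so in the changelog, e.g. `- Drop support-setuptools-62.patch (merged upstream)`; if it does not, the test in test_numpy_pickle.py may fail again under newer setuptools. Because this update is the fix for CVE-2022-21797, it is also worth confirming that the new LFS oid for joblib-1.2.0.tar.gz matches the sha256 PyPI publishes for that sdist, since the tarball shrinks from 2063601 to 313200 bytes.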