- Switch to %pytest

- Add patch to work well with new numpy: * numpy16.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-joblib?expand=0&rev=28
2019-05-30 08:05:13 +00:00
parent 8baf6f89c9
commit d91362b135
3 changed files with 67 additions and 3 deletions
--- a/numpy16.patch
+++ b/numpy16.patch
@@ -0,0 +1,57 @@
+From 0f1f647a8e2310a2291ea9ffab8c8336fc01f2c7 Mon Sep 17 00:00:00 2001
+From: Olivier Grisel <olivier.grisel@ensta.org>
+Date: Wed, 29 May 2019 15:52:38 +0200
+Subject: [PATCH] DOC emphasize security sensitivity of joblib.load (#879)
+
+---
+ joblib/numpy_pickle.py        |  4 ++++
+ joblib/numpy_pickle_compat.py | 14 +++++++++++---
+ 4 files changed, 44 insertions(+), 3 deletions(-)
+
+diff --git a/joblib/numpy_pickle.py b/joblib/numpy_pickle.py
+index bae0df31..bd807db2 100644
+--- a/joblib/numpy_pickle.py
+++ b/joblib/numpy_pickle.py
+@@ -550,6 +550,10 @@ def load(filename, mmap_mode=None):
+ 
+     Read more in the :ref:`User Guide <persistence>`.
+ 
+    WARNING: joblib.load relies on the pickle module and can therefore
+    execute arbitrary Python code. It should therefore never be used
+    to load files from untrusted sources.
+
+     Parameters
+     -----------
+     filename: str, pathlib.Path, or file object.
+diff --git a/joblib/numpy_pickle_compat.py b/joblib/numpy_pickle_compat.py
+index ba8ab827..d1532415 100644
+--- a/joblib/numpy_pickle_compat.py
+++ b/joblib/numpy_pickle_compat.py
+@@ -3,6 +3,8 @@
+ import pickle
+ import os
+ import zlib
+import inspect
+
+ from io import BytesIO
+ 
+ from ._compat import PY3_OR_LATER
+@@ -96,9 +98,15 @@ def read(self, unpickler):
+         # use getattr instead of self.allow_mmap to ensure backward compat
+         # with NDArrayWrapper instances pickled with joblib < 0.9.0
+         allow_mmap = getattr(self, 'allow_mmap', True)
+-        memmap_kwargs = ({} if not allow_mmap
+-                         else {'mmap_mode': unpickler.mmap_mode})
+-        array = unpickler.np.load(filename, **memmap_kwargs)
+        kwargs = {}
+        if allow_mmap:
+            kwargs['mmap_mode'] = unpickler.mmap_mode
+        if "allow_pickle" in inspect.signature(unpickler.np.load).parameters:
+            # Required in numpy 1.16.3 and later to aknowledge the security
+            # risk.
+            kwargs["allow_pickle"] = True
+        array = unpickler.np.load(filename, **kwargs)
+
+         # Reconstruct subclasses. This does not work with old
+         # versions of numpy
+         if (hasattr(array, '__array_prepare__') and
--- a/python-joblib.changes
+++ b/python-joblib.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue May 28 10:34:57 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Switch to %pytest
+- Add patch to work well with new numpy:
+  * numpy16.patch
+
 -------------------------------------------------------------------
 Tue Mar 26 14:45:24 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

--- a/python-joblib.spec
+++ b/python-joblib.spec
@@ -25,6 +25,7 @@ License:        BSD-3-Clause
 Group:          Development/Languages/Python
 URL:            https://github.com/joblib/joblib
 Source:         https://files.pythonhosted.org/packages/source/j/joblib/joblib-%{version}.tar.gz
+Patch0:         numpy16.patch
 BuildRequires:  %{python_module lz4}
 BuildRequires:  %{python_module numpy}
 BuildRequires:  %{python_module psutil}
@@ -53,6 +54,7 @@ Joblib can handle large data and has specific optimizations for `numpy` arrays.

 %prep
 %setup -q -n joblib-%{version}
+%patch0 -p1

 %build
 %python_build
@@ -63,9 +65,7 @@ Joblib can handle large data and has specific optimizations for `numpy` arrays.

 %check
 export LANG=en_US.UTF-8
-%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitelib}
-py.test-%{$python_bin_suffix} joblib
-}
+%pytest

 %files %{python_files}
 %license LICENSE.txt