Accepting request 706481 from devel:languages:python

- Switch to %pytest
- Add patch to work well with new numpy:
  * numpy16.patch

OBS-URL: https://build.opensuse.org/request/show/706481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-joblib?expand=0&rev=9

numpy16.patch

@@ -0,0 +1,57 @@
+From 0f1f647a8e2310a2291ea9ffab8c8336fc01f2c7 Mon Sep 17 00:00:00 2001
+From: Olivier Grisel <olivier.grisel@ensta.org>
+Date: Wed, 29 May 2019 15:52:38 +0200
+Subject: [PATCH] DOC emphasize security sensitivity of joblib.load (#879)
+
+---
+ joblib/numpy_pickle.py        |  4 ++++
+ joblib/numpy_pickle_compat.py | 14 +++++++++++---
+ 4 files changed, 44 insertions(+), 3 deletions(-)
+
+diff --git a/joblib/numpy_pickle.py b/joblib/numpy_pickle.py
+index bae0df31..bd807db2 100644
+--- a/joblib/numpy_pickle.py
++++ b/joblib/numpy_pickle.py
+@@ -550,6 +550,10 @@ def load(filename, mmap_mode=None):
+ 
+     Read more in the :ref:`User Guide <persistence>`.
+ 
++    WARNING: joblib.load relies on the pickle module and can therefore
++    execute arbitrary Python code. It should therefore never be used
++    to load files from untrusted sources.
++
+     Parameters
+     -----------
+     filename: str, pathlib.Path, or file object.
+diff --git a/joblib/numpy_pickle_compat.py b/joblib/numpy_pickle_compat.py
+index ba8ab827..d1532415 100644
+--- a/joblib/numpy_pickle_compat.py
++++ b/joblib/numpy_pickle_compat.py
+@@ -3,6 +3,8 @@
+ import pickle
+ import os
+ import zlib
++import inspect
++
+ from io import BytesIO
+ 
+ from ._compat import PY3_OR_LATER
+@@ -96,9 +98,15 @@ def read(self, unpickler):
+         # use getattr instead of self.allow_mmap to ensure backward compat
+         # with NDArrayWrapper instances pickled with joblib < 0.9.0
+         allow_mmap = getattr(self, 'allow_mmap', True)
+-        memmap_kwargs = ({} if not allow_mmap
+-                         else {'mmap_mode': unpickler.mmap_mode})
+-        array = unpickler.np.load(filename, **memmap_kwargs)
++        kwargs = {}
++        if allow_mmap:
++            kwargs['mmap_mode'] = unpickler.mmap_mode
++        if "allow_pickle" in inspect.signature(unpickler.np.load).parameters:
++            # Required in numpy 1.16.3 and later to aknowledge the security
++            # risk.
++            kwargs["allow_pickle"] = True
++        array = unpickler.np.load(filename, **kwargs)
++
+         # Reconstruct subclasses. This does not work with old
+         # versions of numpy
+         if (hasattr(array, '__array_prepare__') and

python-joblib.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue May 28 10:34:57 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Switch to %pytest
+- Add patch to work well with new numpy:
+  * numpy16.patch
+
 -------------------------------------------------------------------
 Tue Mar 26 14:45:24 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
 

python-joblib.spec

@@ -25,6 +25,7 @@ License:        BSD-3-Clause
 Group:          Development/Languages/Python
 URL:            https://github.com/joblib/joblib
 Source:         https://files.pythonhosted.org/packages/source/j/joblib/joblib-%{version}.tar.gz
+Patch0:         numpy16.patch
 BuildRequires:  %{python_module lz4}
 BuildRequires:  %{python_module numpy}
 BuildRequires:  %{python_module psutil}
@@ -53,6 +54,7 @@ Joblib can handle large data and has specific optimizations for `numpy` arrays.
 
 %prep
 %setup -q -n joblib-%{version}
+%patch0 -p1
 
 %build
 %python_build
@@ -63,9 +65,7 @@ Joblib can handle large data and has specific optimizations for `numpy` arrays.
 
 %check
 export LANG=en_US.UTF-8
-%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitelib}
+%pytest
-py.test-%{$python_bin_suffix} joblib
-}
 
 %files %{python_files}
 %license LICENSE.txt