!25 License compliance rectification

From: @wk333 Reviewed-by: @cherry530 Signed-off-by: @cherry530
License compliance rectification
2024-06-14 07:07:19 +00:00 · 2024-06-13 14:40:22 +08:00 · 2022-10-27 12:33:41 +00:00 · 2022-10-27 15:32:19 +08:00 · 2022-09-30 03:14:39 +00:00 · 2022-09-30 10:39:29 +08:00
4 changed files with 60 additions and 7 deletions
--- a/0.14.0.tar.gz
+++ b/0.14.0.tar.gz
--- a/CVE-2022-21797.patch
+++ b/CVE-2022-21797.patch
@ -0,0 +1,38 @@
 From b90f10efeb670a2cc877fb88ebb3f2019189e059 Mon Sep 17 00:00:00 2001
 From: Adrin Jalali <adrin.jalali@gmail.com>
 Date: Mon, 5 Sep 2022 15:15:04 +0200
 Subject: [PATCH] FIX make sure pre_dispatch cannot do arbitrary code execution
 (#1321)
 ---
 joblib/parallel.py | 10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)
 diff --git a/joblib/parallel.py b/joblib/parallel.py
 index f9c84548d..1c2fe18f7 100644
 --- a/joblib/parallel.py
 +++ b/joblib/parallel.py
@@ -504,7 +504,9 @@ class Parallel(Logger):
         pre_dispatch: {'all', integer, or expression, as in '3*n_jobs'}
             The number of batches (of tasks) to be pre-dispatched.
             Default is '2*n_jobs'. When batch_size="auto" this is reasonable
 -            default and the workers should never starve.
 +            default and the workers should never starve. Note that only basic
 +            arithmetics are allowed here and no modules can be used in this
 +            expression.
         batch_size: int or 'auto', default: 'auto'
             The number of atomic tasks to dispatch at once to each
             worker. When individual evaluations are very fast, dispatching
@@ -1049,7 +1051,11 @@ def _batched_calls_reducer_callback():
         else:
             self._original_iterator = iterator
             if hasattr(pre_dispatch, 'endswith'):
 -                pre_dispatch = eval(pre_dispatch)
 +                pre_dispatch = eval(
 +                    pre_dispatch,
 +                    {"n_jobs": n_jobs, "__builtins__": {}},  # globals
 +                    {}  # locals
 +                )
             self._pre_dispatch_amount = pre_dispatch = int(pre_dispatch)
             # The main thread will consume the first pre_dispatch items and
--- a/joblib-1.1.0.tar.gz
+++ b/joblib-1.1.0.tar.gz
--- a/python-joblib.spec
+++ b/python-joblib.spec
@ -1,12 +1,13 @@
 %global pypi_name joblib
 Name:           python-%{pypi_name}
-Version:        0.14.0
+Version:        1.1.0
-Release:        3
+Release:        2
 Summary:        Utilities to provide lightweight pipelining in Python
-License:        BSD-licenced (3 clause)
+License:        BSD-3-Clause
 URL:            https://joblib.readthedocs.io/en/latest/
-Source0:        https://github.com/joblib/joblib/archive/0.14.0.tar.gz
+Source0:        https://github.com/joblib/joblib/archive/%{version}.tar.gz#/%{pypi_name}-%{version}.tar.gz
 Patch0:         CVE-2022-21797.patch
 BuildArch:      noarch
 BuildRequires:  python3-devel
 #test requires
@ -25,7 +26,7 @@ Summary:        %{summary}
 %description -n python3-%{pypi_name} %{_description}
 %prep
-%autosetup -n %{pypi_name}-%{version}
+%autosetup -p1 -n %{pypi_name}-%{version}
 %build
 %py3_build
@ -35,8 +36,7 @@ Summary:        %{summary}
 %check
-export PYTHONPATH=$(pwd)
+%{__python3} -m pytest -k "not test_parallel_call_cached_function_defined_in_jupyter"
 py.test-%{python3_version} joblib
 %files -n python3-%{pypi_name}
 %license LICENSE.txt
@ -45,5 +45,20 @@ py.test-%{python3_version} joblib
 %{python3_sitelib}/%{pypi_name}/
 %changelog
 * Thu Jun 13 2024 wangkai <13474090681@163.com> - 1.1.0-2
 - License compliance rectification
 * Thu Oct 27 2022 yaoxin <yaoxin30@h-aprtners.com> - 1.1.0-1
 - Upgrade to version 1.1.0
 * Wed Sep 28 2022 liangqifeng <liangqifeng@ncti-gba.cn> - 1.0.0-2
 - fix CVE-2022-21797
 * Mon Feb 1 2021 wangjie<wangjie294@huawei.com> - 1.0.0-1
 - upgrade version to 1.0.0
 * Thu Oct 29 2020 tianwei<tianwei12@huawei.com> - 0.14.0-4
 - delete python2 require
 * Fri Feb 14 2020 gulining<gulining1@huawei.com> - 0.14.0-3
 - Init package
Author	SHA1	Message	Date
openeuler-ci-bot	71e5864009	!25 License compliance rectification From: @wk333 Reviewed-by: @cherry530 Signed-off-by: @cherry530	2024-06-14 07:07:19 +00:00
wk333	960a06dc1a	License compliance rectification	2024-06-13 14:40:22 +08:00
openeuler-ci-bot	3b6dffd435	!13 Upgrade to version 1.1.0 From: @starlet-dx Reviewed-by: @caodongxia Signed-off-by: @caodongxia	2022-10-27 12:33:41 +00:00
starlet-dx	420530b027	Upgrade to version 1.1.0	2022-10-27 15:32:19 +08:00
openeuler-ci-bot	192ee9f36f	!11 [sync] PR-9: fix CVE-2022-21797 From: @openeuler-sync-bot Reviewed-by: @shinwell_hu Signed-off-by: @shinwell_hu	2022-09-30 03:14:39 +00:00
emancipator	1c88579ad6	fix CVE-2022-21797 (cherry picked from commit d63f66d102c28813b9f3ef6fdbac86d8786d900c)	2022-09-30 10:39:29 +08:00
openeuler-ci-bot	d69463bfac	!4 Upgrade python-joblib to 1.0.0 in master From: @jlwwlsqc Reviewed-by: @shinwell_hu Signed-off-by: @shinwell_hu	2021-02-03 10:57:53 +08:00
wangjie	a852f264a9	upgrade 1.0.0-1	2021-02-01 16:40:29 +08:00
openeuler-ci-bot	f23881174e	!3 delete python2. From: @weiwei_150212 Reviewed-by: @small_leek Signed-off-by: @small_leek	2020-10-31 11:45:48 +08:00
s17723959267	15d80c6b59	delete python2	2020-10-29 11:24:23 +08:00