!25 License compliance rectification

From: @wk333 Reviewed-by: @cherry530 Signed-off-by: @cherry530
License compliance rectification
2024-06-14 07:07:19 +00:00 · 2024-06-13 14:40:22 +08:00 · 2022-10-27 12:33:41 +00:00 · 2022-10-27 15:32:19 +08:00 · 2022-09-30 03:14:39 +00:00 · 2022-09-30 10:39:29 +08:00
4 changed files with 60 additions and 7 deletions
--- a/0.14.0.tar.gz
+++ b/0.14.0.tar.gz
--- a/CVE-2022-21797.patch
+++ b/CVE-2022-21797.patch
@ -0,0 +1,38 @@
+From b90f10efeb670a2cc877fb88ebb3f2019189e059 Mon Sep 17 00:00:00 2001
+From: Adrin Jalali <adrin.jalali@gmail.com>
+Date: Mon, 5 Sep 2022 15:15:04 +0200
+Subject: [PATCH] FIX make sure pre_dispatch cannot do arbitrary code execution
+ (#1321)
+
+---
+ joblib/parallel.py | 10 ++++++++--
+ 1 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/joblib/parallel.py b/joblib/parallel.py
+index f9c84548d..1c2fe18f7 100644
+--- a/joblib/parallel.py
+++ b/joblib/parallel.py
+@@ -504,7 +504,9 @@ class Parallel(Logger):
+         pre_dispatch: {'all', integer, or expression, as in '3*n_jobs'}
+             The number of batches (of tasks) to be pre-dispatched.
+             Default is '2*n_jobs'. When batch_size="auto" this is reasonable
+-            default and the workers should never starve.
+            default and the workers should never starve. Note that only basic
+            arithmetics are allowed here and no modules can be used in this
+            expression.
+         batch_size: int or 'auto', default: 'auto'
+             The number of atomic tasks to dispatch at once to each
+             worker. When individual evaluations are very fast, dispatching
+@@ -1049,7 +1051,11 @@ def _batched_calls_reducer_callback():
+         else:
+             self._original_iterator = iterator
+             if hasattr(pre_dispatch, 'endswith'):
+-                pre_dispatch = eval(pre_dispatch)
+                pre_dispatch = eval(
+                    pre_dispatch,
+                    {"n_jobs": n_jobs, "__builtins__": {}},  # globals
+                    {}  # locals
+                )
+             self._pre_dispatch_amount = pre_dispatch = int(pre_dispatch)
+ 
+             # The main thread will consume the first pre_dispatch items and
--- a/joblib-1.1.0.tar.gz
+++ b/joblib-1.1.0.tar.gz
--- a/python-joblib.spec
+++ b/python-joblib.spec
@ -1,12 +1,13 @@
 %global pypi_name joblib

 Name:           python-%{pypi_name}
-Version:        0.14.0
-Release:        3
+Version:        1.1.0
+Release:        2
 Summary:        Utilities to provide lightweight pipelining in Python
-License:        BSD-licenced (3 clause)
+License:        BSD-3-Clause
 URL:            https://joblib.readthedocs.io/en/latest/
-Source0:        https://github.com/joblib/joblib/archive/0.14.0.tar.gz
+Source0:        https://github.com/joblib/joblib/archive/%{version}.tar.gz#/%{pypi_name}-%{version}.tar.gz
+Patch0:         CVE-2022-21797.patch
 BuildArch:      noarch
 BuildRequires:  python3-devel
 #test requires
@ -25,7 +26,7 @@ Summary:        %{summary}
 %description -n python3-%{pypi_name} %{_description}

 %prep
-%autosetup -n %{pypi_name}-%{version}
+%autosetup -p1 -n %{pypi_name}-%{version}

 %build
 %py3_build
@ -35,8 +36,7 @@ Summary:        %{summary}


 %check
-export PYTHONPATH=$(pwd)
-py.test-%{python3_version} joblib
+%{__python3} -m pytest -k "not test_parallel_call_cached_function_defined_in_jupyter"

 %files -n python3-%{pypi_name}
 %license LICENSE.txt
@ -45,5 +45,20 @@ py.test-%{python3_version} joblib
 %{python3_sitelib}/%{pypi_name}/

 %changelog
+* Thu Jun 13 2024 wangkai <13474090681@163.com> - 1.1.0-2
+- License compliance rectification
+
+* Thu Oct 27 2022 yaoxin <yaoxin30@h-aprtners.com> - 1.1.0-1
+- Upgrade to version 1.1.0
+
+* Wed Sep 28 2022 liangqifeng <liangqifeng@ncti-gba.cn> - 1.0.0-2
+- fix CVE-2022-21797
+
+* Mon Feb 1 2021 wangjie<wangjie294@huawei.com> - 1.0.0-1
+- upgrade version to 1.0.0
+
+* Thu Oct 29 2020 tianwei<tianwei12@huawei.com> - 0.14.0-4
+- delete python2 require
+
 * Fri Feb 14 2020 gulining<gulining1@huawei.com> - 0.14.0-3
 - Init package
Author	SHA1	Message	Date
openeuler-ci-bot	71e5864009	!25 License compliance rectification From: @wk333 Reviewed-by: @cherry530 Signed-off-by: @cherry530	2024-06-14 07:07:19 +00:00
wk333	960a06dc1a	License compliance rectification	2024-06-13 14:40:22 +08:00
openeuler-ci-bot	3b6dffd435	!13 Upgrade to version 1.1.0 From: @starlet-dx Reviewed-by: @caodongxia Signed-off-by: @caodongxia	2022-10-27 12:33:41 +00:00
starlet-dx	420530b027	Upgrade to version 1.1.0	2022-10-27 15:32:19 +08:00
openeuler-ci-bot	192ee9f36f	!11 [sync] PR-9: fix CVE-2022-21797 From: @openeuler-sync-bot Reviewed-by: @shinwell_hu Signed-off-by: @shinwell_hu	2022-09-30 03:14:39 +00:00
emancipator	1c88579ad6	fix CVE-2022-21797 (cherry picked from commit d63f66d102c28813b9f3ef6fdbac86d8786d900c)	2022-09-30 10:39:29 +08:00
openeuler-ci-bot	d69463bfac	!4 Upgrade python-joblib to 1.0.0 in master From: @jlwwlsqc Reviewed-by: @shinwell_hu Signed-off-by: @shinwell_hu	2021-02-03 10:57:53 +08:00
wangjie	a852f264a9	upgrade 1.0.0-1	2021-02-01 16:40:29 +08:00
openeuler-ci-bot	f23881174e	!3 delete python2. From: @weiwei_150212 Reviewed-by: @small_leek Signed-off-by: @small_leek	2020-10-31 11:45:48 +08:00
s17723959267	15d80c6b59	delete python2	2020-10-29 11:24:23 +08:00