Hello community,

here is the log from the commit of package python-joblib for openSUSE:Factory checked in at 2022-10-12 18:22:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-joblib (Old)
 and /work/SRC/openSUSE:Factory/.python-joblib.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-joblib" Wed Oct 12 18:22:37 2022 rev:21 rq:1010179 version:1.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-joblib/python-joblib.changes 2022-07-22 19:20:23.880575251 +0200 +++ /work/SRC/openSUSE:Factory/.python-joblib.new.2275/python-joblib.changes 2022-10-12 18:22:43.149368817 +0200 
@@ -1,0 +2,28 @@ +Tue Oct 11 13:20:33 UTC 2022 - Ben Greiner <[email protected]> + +- Update to 1.2.0 (CVE-2022-21797, bsc#1204232) + * Fix a security issue where eval(pre_dispatch) could potentially + run arbitrary code. Now only basic numerics are supported. + #1327 + * Make sure that joblib works even when multiprocessing is not + available, for instance with Pyodide #1256 + * Avoid unnecessary warnings when workers and main process delete + the temporary memmap folder contents concurrently. #1263 + * Vendor loky 3.1.0 with several fixes to more robustly forcibly + terminate worker processes in case of a crash. #1269 + * Fix memory alignment bug for pickles containing numpy arrays. + This is especially important when loading the pickle with + mmap_mode != None as the resulting numpy.memmap object would + not be able to correct the misalignment without performing a + memory copy. This bug would cause invalid computation and + segmentation faults with native code that would directly access + the underlying data buffer of a numpy array, for instance + C/C++/Cython code compiled with older GCC versions or some old + OpenBLAS written in platform specific assembly. #1254 + * Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+. + * Vendor loky 3.3.0 which fixes a bug with leaking processes in + case of nested loky parallel calls and more reliability spawn + the correct number of reusable workers. +- Drop support-setuptools-62.patch + +------------------------------------------------------------------- Old: ---- joblib-1.1.0.tar.gz support-setuptools-62.patch New: ---- joblib-1.2.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-joblib.spec ++++++ --- /var/tmp/diff_new_pack.hzS4Cw/_old 2022-10-12 18:22:43.981370896 +0200 +++ /var/tmp/diff_new_pack.hzS4Cw/_new 2022-10-12 18:22:43.985370906 +0200 
@@ -16,16 +16,14 @@ # -%{?!python_module:%define python_module() python-%{**} python3-%{**}} -%global skip_python2 1 Name: python-joblib -Version: 1.1.0 +Version: 1.2.0 Release: 0 Summary: Module for using Python functions as pipeline jobs License: BSD-3-Clause URL: https://github.com/joblib/joblib Source: https://files.pythonhosted.org/packages/source/j/joblib/joblib-%{version}.tar.gz -Patch0: support-setuptools-62.patch +BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module lz4} BuildRequires: %{python_module numpy} BuildRequires: %{python_module psutil} @@ -111,7 +109,7 @@ %files %{python_files} %license LICENSE.txt %doc README.rst -%{python_sitelib}/joblib-%{version}-py*.egg-info +%{python_sitelib}/joblib-%{version}*-info %{python_sitelib}/joblib/ %changelog ++++++ joblib-1.1.0.tar.gz -> joblib-1.2.0.tar.gz ++++++ ++++ 41006 lines of diff (skipped)
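Review bot: The CVE-2022-21797 fix named in the first bullet of the python-joblib.changes hunk (@@ -1,0 +2,28 @@) cannot be checked from this mail, because the joblib-1.1.0.tar.gz -> joblib-1.2.0.tar.gz diff is skipped (41006 lines). Before accepting, confirm in the new tarball that pre_dispatch is no longer passed to eval(), as the entry for #1327 states. Separately, the last bullet, "Drop support-setuptools-62.patch", gives no reason for the drop, and the entry does not mention the `base >= 3.7` build requirement that the spec change adds; one line for each would complete the changelog.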
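Review bot: In the python-joblib.spec hunk at @@ -16,16 +16,14 @@, removing the `%{?!python_module:%define python_module() ...}` fallback leaves the new `BuildRequires: %{python_module base >= 3.7}` line, and the existing lz4, numpy and psutil lines, dependent on the build environment defining python_module. The hunk does not show where that definition now comes from, so please confirm the spec still builds without the fallback. With `Patch0: support-setuptools-62.patch` removed here, also check that the %prep section, which is outside this hunk, no longer tries to apply it.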
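Review bot: In the %files hunk at @@ -111,7 +109,7 @@, the new pattern `%{python_sitelib}/joblib-%{version}*-info` is looser than the line it replaces: the wildcard now sits directly after the version, so it matches any metadata directory whose name starts with that version and ends in -info. If the build is expected to produce a single metadata format, naming that directory explicitly would make an unexpected layout fail the build instead of being packaged silently. If the loose match is intentional, a short comment in the spec saying so would help the next reviewer.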
