Revisions of tensorflow2
Benjamin Greiner (bnavigator)
committed
(revision 94)
Benjamin Greiner (bnavigator)
committed
(revision 93)
Benjamin Greiner (bnavigator)
committed
(revision 92)
Benjamin Greiner (bnavigator)
accepted
request 951596
from
Benjamin Greiner (bnavigator)
(revision 91)
- Update to 2.7.1 -- boo#1195545 security update * Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725) * Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728) * Fixes a heap OOB access in Dequantize (CVE-2022-21726) * Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727) * Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730) * Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729) * Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731) * Fixes an OOM in ThreadPoolHandle (CVE-2022-21732) * Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733) * Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208) * Fixes an integer overflows in most sparse component-wise ops (CVE-2022-23567) * Fixes an integer overflows in AddManySparseToTensorsMap (CVE-2022-23568) * Fixes a number of CHECK-failures in MapStage (CVE-2022-21734) * Fixes a division by zero in FractionalMaxPool (CVE-2022-21735) * Fixes a number of CHECK-fails when building invalid/overflowing tensor shapes (CVE-2022-23569) * Fixes an undefined behavior in SparseTensorSliceDataset (CVE-2022-21736) * Fixes an assertion failure based denial of service via faulty bin count operations (CVE-2022-21737) * Fixes a reference binding to null pointer in QuantizedMaxPool (CVE-2022-21739) * Fixes an integer overflow leading to crash in SparseCountSparseOutput (CVE-2022-21738) * Fixes a heap overflow in SparseCountSparseOutput (CVE-2022-21740) * Fixes an FPE in BiasAndClamp in TFLite (CVE-2022-23557) * Fixes an FPE in depthwise convolutions in TFLite (CVE-2022-21741) * Fixes an integer overflow in TFLite array creation (CVE-2022-23558) * Fixes an integer overflow in TFLite (CVE-2022-23559) * Fixes a dangerous OOB write in TFLite (CVE-2022-23561) * Fixes a vulnerability leading to read and write outside of bounds in TFLite (CVE-2022-23560) * Fixes a set of vulnerabilities caused by using insecure temporary files (CVE-2022-23563) * Fixes an integer overflow in Range resulting in undefined behavior and OOM (CVE-2022-23562) * Fixes a vulnerability where missing validation causes tf.sparse.split to crash when axis is a tuple (CVE-2021-41206) * Fixes a CHECK-fail when decoding resource handles from proto (CVE-2022-23564) * Fixes a CHECK-fail with repeated AttrDef (CVE-2022-23565) * Fixes a heap OOB write in Grappler (CVE-2022-23566) * Fixes a CHECK-fail when decoding invalid tensors from proto (CVE-2022-23571) * Fixes a null-dereference when specializing tensor type (CVE-2022-23570) * Fixes a crash when type cannot be specialized (CVE-2022-23572) * Fixes a heap OOB read/write in SpecializeType (CVE-2022-23574) * Fixes an unitialized variable access in AssignOp (CVE-2022-23573) * Fixes an integer overflow in OpLevelCostEstimator::CalculateTensorSize (CVE-2022-23575) * Fixes an integer overflow in OpLevelCostEstimator::CalculateOutputSize (CVE-2022-23576) * Fixes a null dereference in GetInitOp (CVE-2022-23577) * Fixes a memory leak when a graph node is invalid (CVE-2022-23578) * Fixes an abort caused by allocating a vector that is too large (CVE-2022-23580) * Fixes multiple CHECK-failures during Grappler's IsSimplifiableReshape (CVE-2022-23581) * Fixes multiple CHECK-failures during Grappler's SafeToRemoveIdentity (CVE-2022-23579) * Fixes multiple CHECK-failures in TensorByteSize (CVE-2022-23582) * Fixes multiple CHECK-failures in binary ops due to type confusion (CVE-2022-23583) * Fixes a use after free in DecodePng kernel (CVE-2022-23584) * Fixes a memory leak in decoding PNG images (CVE-2022-23585) * Fixes multiple CHECK-fails in function.cc (CVE-2022-23586) * Fixes multiple CHECK-fails due to attempting to build a reference tensor (CVE-2022-23588) * Fixes an integer overflow in Grappler cost estimation of crop and resize operation (CVE-2022-23587) * Fixes a null pointer dereference in Grappler's IsConstant (CVE-2022-23589) * Fixes a CHECK failure in constant folding (CVE-2021-41197) * Fixes a stack overflow due to self-recursive function in GraphDef (CVE-2022-23591) * Fixes a crash due to erroneous StatusOr (CVE-2022-23590) * Fixes multiple crashes and heap OOB accesses in TFG dialect (MLIR) (CVE-2022-23594) * Fixes a null pointer dereference in BuildXlaCompilationCache (XLA) (CVE-2022-23595) * Updates icu to 69.1 to handle CVE-2020-10531
Benjamin Greiner (bnavigator)
committed
(revision 90)
.
Benjamin Greiner (bnavigator)
committed
(revision 89)
- Remove URLs from github zip archives for xnnpack transitive dependencies: The GitHub archiver produces unreliable files
Benjamin Greiner (bnavigator)
committed
(revision 88)
.
Benjamin Greiner (bnavigator)
accepted
request 950383
from
Benjamin Greiner (bnavigator)
(revision 87)
- Update to 2.7.0 * Big changelog: at https://github.com/tensorflow/tensorflow/releases/tag/v2.7.0 - Security references: * Fixes a code injection issue in saved_model_cli (CVE-2021-41228) * Fixes a vulnerability due to use of uninitialized value in Tensorflow (CVE-2021-41225) * Fixes a heap OOB in FusedBatchNorm kernels (CVE-2021-41223) * Fixes an arbitrary memory read in ImmutableConst (CVE-2021-41227) * Fixes a heap OOB in SparseBinCount (CVE-2021-41226) * Fixes a heap OOB in SparseFillEmptyRows (CVE-2021-41224) * Fixes a segfault due to negative splits in SplitV (CVE-2021-41222) * Fixes segfaults and vulnerabilities caused by accesses to invalid memory during shape inference in Cudnn* ops (CVE-2021-41221) * Fixes a null pointer exception when Exit node is not preceded by Enter op (CVE-2021-41217) * Fixes an integer division by 0 in tf.raw_ops.AllToAll (CVE-2021-41218) * Fixes a use after free and a memory leak in CollectiveReduceV2 (CVE-2021-41220) * Fixes an undefined behavior via nullptr reference binding in sparse matrix multiplication (CVE-2021-41219) * Fixes a heap buffer overflow in Transpose (CVE-2021-41216) * Prevents deadlocks arising from mutually recursive tf.function objects (CVE-2021-41213) * Fixes a null pointer exception in DeserializeSparse (CVE-2021-41215) * Fixes an undefined behavior arising from reference binding to nullptr in tf.ragged.cross (CVE-2021-41214) * Fixes a heap OOB read in tf.ragged.cross (CVE-2021-41212) * Fixes a heap OOB in shape inference for QuantizeV2 (CVE-2021-41211) * Fixes a heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops (CVE-2021-41205) * Fixes an FPE in ParallelConcat (CVE-2021-41207) * Fixes FPE issues in convolutions with zero size filters (CVE-2021-41209) * Fixes a heap OOB read in tf.raw_ops.SparseCountSparseOutput (CVE-2021-41210) * Fixes vulnerabilities caused by incomplete validation in boosted trees code (CVE-2021-41208) * Fixes vulnerabilities caused by incomplete validation of shapes in multiple TF ops (CVE-2021-41206) * Fixes a segfault produced while copying constant resource tensor (CVE-2021-41204) * Fixes a vulnerability caused by unitialized access in EinsumHelper::ParseEquation (CVE-2021-41201) * Fixes several vulnerabilities and segfaults caused by missing validation during checkpoint loading (CVE-2021-41203) * Fixes an overflow producing a crash in tf.range (CVE-2021-41202) * Fixes an overflow producing a crash in tf.image.resize when size is large (CVE-2021-41199) * Fixes an overflow producing a crash in tf.tile when tiling tensor is large (CVE-2021-41198) * Fixes a vulnerability produced due to incomplete validation in tf.summary.create_file_writer (CVE-2021-41200) * Fixes multiple crashes due to overflow and CHECK-fail in ops with large tensor shapes (CVE-2021-41197) * Fixes a crash in max_pool3d when size argument is 0 or negative (CVE-2021-41196) * Fixes a crash in tf.math.segment_* operations (CVE-2021-41195) * Updates curl to 7.78.0 to handle CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, and CVE-2021-22926. - This drops support for Python 3.6 and thus for SLE/Leap 15 See also https://code.opensuse.org/leap/features/issue/35 - Closes boo#1195295 * Note that tensorflow2 (non-lite) will be removed from Tumbleweed soon if there are no volunteers, see leap feature issue above. - Have to migrate tensorflow-lite build to CMake as old Makefile was dropped - Drop patches no longer necessary or applicable * tensorflow-2.6.0-remove-weakref.patch * tensorflow-2.6.0-fix-lite.patch * tensorflow-2.6.0-tf-keras-hdf5-3.patch * tensorflow-2.6.0-removed-clog-build-as-included-in-cpuinfo.patch * tensorflow-2.6.0-numpy-tensor-small.patch - fix double nested unpacking and refresh patches, migrate to -p1 * tensorflow-2.6.0-removed-external-toolchains.patch * tensorflow-2.6.0-compile-with-protobuf-3.16.patch - Add #tensorflow-2.7.0-fix-lite.patch * https://github.com/tensorflow/tensorflow/commit/fb1dcbd9 * gh#tensorflow/tensorflow#54216 - Have to use grpc and upb from bazelcache, pulls in go * Add tensorflow-2.7.0-go_host_sdk.patch -- use system SDK instead of downloading a binary blob
Guillaume GARDET (Guillaume_G)
accepted
request 945535
from
Guillaume GARDET (Guillaume_G)
(revision 86)
- Remove more python dependencies for tensorflow2-lite
Guillaume GARDET (Guillaume_G)
accepted
request 945335
from
Guillaume GARDET (Guillaume_G)
(revision 85)
- tensorflow2-lite version does not need all the python dependencies listed for tensorflow2
Guillaume GARDET (Guillaume_G)
accepted
request 944703
from
Guillaume GARDET (Guillaume_G)
(revision 84)
- Leap 15.x / Backports: Do not build non-Lite versions since python3-numpy and python3-scipy are too old for Keras/TF2
Benjamin Greiner (bnavigator)
committed
(revision 83)
Benjamin Greiner (bnavigator)
committed
(revision 82)
etend and actually use the base_vers macros
Benjamin Greiner (bnavigator)
committed
(revision 81)
Benjamin Greiner (bnavigator)
accepted
request 930509
from
Christian Goll (mslacken)
(revision 80)
- updated to 2.6.2 which is bug fix release which just fixes an issue where keras, tensorflow_estimator and tensorboard were missing proper upper bounds and resulted in broken installs after Keras 2.7 release for all packages in TensorFlow ecosystem - Dixes from 2.6.1 (boo#1192447): * Fixes a code injection issue in saved_model_cli (CVE-2021-41228) * Fixes a vulnerability due to use of uninitialized value in Tensorflow (CVE-2021-41225) * Fixes a heap OOB in FusedBatchNorm kernels (CVE-2021-41223) * Fixes an arbitrary memory read in ImmutableConst (CVE-2021-41227) * Fixes a heap OOB in SparseBinCount (CVE-2021-41226) * Fixes a heap OOB in SparseFillEmptyRows (CVE-2021-41224) * Fixes a segfault due to negative splits in SplitV (CVE-2021-41222) * Fixes segfaults and vulnerabilities caused by accesses to invalid memory during shape inference in Cudnn* ops (CVE-2021-41221) * Fixes a null pointer exception when Exit node is not preceded by Enter op (CVE-2021-41217) * Fixes an integer division by 0 in tf.raw_ops.AllToAll (CVE-2021-41218) * Fixes a use after free and a memory leak in CollectiveReduceV2 (CVE-2021-41220) * Fixes an undefined behavior via nullptr reference binding in sparse matrix multiplication (CVE-2021-41219) * Fixes a heap buffer overflow in Transpose (CVE-2021-41216) * Prevents deadlocks arising from mutually recursive tf.function objects (CVE-2021-41213) * Fixes a null pointer exception in DeserializeSparse (CVE-2021-41215) * Fixes an undefined behavior arising from reference binding to nullptr in tf.ragged.cross (CVE-2021-41214) * Fixes a heap OOB read in tf.ragged.cross (CVE-2021-41212) * Fixes a heap OOB in shape inference for QuantizeV2 (CVE-2021-41211) * Fixes a heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops (CVE-2021-41205) * Fixes an FPE in ParallelConcat (CVE-2021-41207) * Fixes FPE issues in convolutions with zero size filters (CVE-2021-41209) * Fixes a heap OOB read in tf.raw_ops.SparseCountSparseOutput (CVE-2021-41210)
Egbert Eich (eeich)
accepted
request 927105
from
Egbert Eich (eeich)
(revision 79)
- Make sure tensorflow/core/public/version.h is installed in the 'lite' version (bsc#1191805).
Christian Goll (mslacken)
accepted
request 921352
from
Benjamin Greiner (bnavigator)
(revision 78)
- Add missing python requirements -- boo#1190856
Christian Goll (mslacken)
accepted
request 915522
from
Egbert Eich (eeich)
(revision 77)
- Limit BuildRequires for bazel-skylib-source to versions >= 1.0.3.
Christian Goll (mslacken)
accepted
request 913476
from
Fusion Future (fusionfuture)
(revision 76)
- Update to 2.6.0 Major changes are: * Keras been split into a separate PIP package (keras), and its code has been moved to the GitHub repositorykeras-team/keras. The API endpoints for tf.keras stay unchanged, but are now backed by the keras PIP package. The existing code in tensorflow/python/keras is a staled copy and will be removed in future release (2.7). Please remove any imports to tensorflow.python.keras and replace them with public tf.keras API instead. * tf.train.experimental.enable_mixed_precision_graph_rewrite is removed, as the API only works in graph mode and is not customizable. The function is still accessible under tf.compat.v1.mixed_precision.enable_mixed_precision_graph_rewrite, but it is recommended to use the Keras mixed precision API instead. * tf.lite: Remove experimental.nn.dynamic_rnn, experimental.nn.TfLiteRNNCell and experimental.nn.TfLiteLSTMCell since they're no longer supported. It's recommended to just use keras lstm instead. * tf.keras: The methods Model.to_yaml() and keras.models.model_from_yaml have been replaced to raise a RuntimeError as they can be abused to cause arbitrary code execution. It is recommended to use JSON serialization instead of YAML, or, a better alternative, serialize to H5. - Major changes from 2.5.x: * Support for Python3.9 has been added. * The TF_CPP_MIN_VLOG_LEVEL environment variable has been renamed to to TF_CPP_MAX_VLOG_LEVEL which correctly describes its
buildservice-autocommit
accepted
request 894333
from
Guillaume GARDET (Guillaume_G)
(revision 75)
baserev update by copy to link target
Displaying revisions 1 - 20 of 94