Overview

Request 884730 accepted

- Update to 1.15.5:
* Note that this is the last patch release for the
TensorFlow 1.x series.
* Fixes an access to unitialized memory in Eigen code
(CVE-2020-26266)
* Fixes a security vulnerability caused by lack of
validation in tf.raw_ops.DataFormatVecPermute and
tf.raw_ops.DataFormatDimMap (CVE-2020-26267)
* Fixes a vulnerability caused by attempting to write to
immutable memory region in tf.raw_ops.ImmutableConst
(CVE-2020-26268
* Fixes a CHECK-fail in LSTM with zero-length input
(CVE-2020-26270)
* Fixes a security vulnerability caused by accessing heap
data outside of bounds when loading a specially crafted
SavedModel (CVE-2020-26271)
* Updates libjpeg-turbo to 2.0.5 to handle CVE-2020-13790.
* Updates junit to 4.13.1 to handle CVE-2020-15250.
* Updates PCRE to 8.44 to handle CVE-2019-20838 and
CVE-2020-14155.
* Updates sqlite3 to 3.44.0 to keep in sync with master branch.
- Fix links to some of the bundled libs
- Add grpc-4566c2a.tar.gz instead of systemlib
* needs grpc-pr18950-bazel.patch
- BuildRequire numpy-devel < 1.19. This effectively disables the
failing build of tensorflow 1.x on Tumbleweed.

Loading...

Christian Goll's avatar
reviewer target maintainer

Build looks good, but I missed the plan how to proceed with numpy?


Benjamin Greiner's avatar

There is no plan. If you need, you can keep tensorflow 1 in the devel project for SLE/Leap as long as numpy is below 1.19 there.

But Factory can't have tensorflow 1 -- https://build.opensuse.org/request/show/884728


Christian Goll's avatar
reviewer target maintainer

We will keep it here in the devel project, thanks for the update.

Request History
Benjamin Greiner's avatar

bnavigator created request

- Update to 1.15.5:
* Note that this is the last patch release for the
TensorFlow 1.x series.
* Fixes an access to unitialized memory in Eigen code
(CVE-2020-26266)
* Fixes a security vulnerability caused by lack of
validation in tf.raw_ops.DataFormatVecPermute and
tf.raw_ops.DataFormatDimMap (CVE-2020-26267)
* Fixes a vulnerability caused by attempting to write to
immutable memory region in tf.raw_ops.ImmutableConst
(CVE-2020-26268
* Fixes a CHECK-fail in LSTM with zero-length input
(CVE-2020-26270)
* Fixes a security vulnerability caused by accessing heap
data outside of bounds when loading a specially crafted
SavedModel (CVE-2020-26271)
* Updates libjpeg-turbo to 2.0.5 to handle CVE-2020-13790.
* Updates junit to 4.13.1 to handle CVE-2020-15250.
* Updates PCRE to 8.44 to handle CVE-2019-20838 and
CVE-2020-14155.
* Updates sqlite3 to 3.44.0 to keep in sync with master branch.
- Fix links to some of the bundled libs
- Add grpc-4566c2a.tar.gz instead of systemlib
* needs grpc-pr18950-bazel.patch
- BuildRequire numpy-devel < 1.19. This effectively disables the
failing build of tensorflow 1.x on Tumbleweed.


Christian Goll's avatar

mslacken accepted request

Won't submit to factory, but added you also as maintainer

openSUSE Build Service is sponsored by