commit tensorflow2 for openSUSE:Factory

Sat, 05 Feb 2022 14:23:25 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tensorflow2 for openSUSE:Factory 
checked in at 2022-02-05 23:23:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tensorflow2 (Old)
 and      /work/SRC/openSUSE:Factory/.tensorflow2.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tensorflow2"

Sat Feb  5 23:23:00 2022 rev:29 rq:951670 version:2.7.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/tensorflow2/tensorflow2.changes  2022-02-02 
22:45:01.230065030 +0100
+++ /work/SRC/openSUSE:Factory/.tensorflow2.new.1898/tensorflow2.changes        
2022-02-05 23:23:14.051903765 +0100
@@ -1,0 +2,108 @@
+Fri Feb  4 21:37:07 UTC 2022 - Ben Greiner <c...@bnavigator.de>
+
+- restore larger memory per job constraint
+
+-------------------------------------------------------------------
+Fri Feb  4 16:28:12 UTC 2022 - Ben Greiner <c...@bnavigator.de>
+
+- Update to 2.7.1 -- boo#1195545 security update
+  * Fixes a floating point division by 0 when executing convolution
+    operators (CVE-2022-21725)
+  * Fixes a heap OOB read in shape inference for ReverseSequence
+    (CVE-2022-21728)
+  * Fixes a heap OOB access in Dequantize (CVE-2022-21726)
+  * Fixes an integer overflow in shape inference for Dequantize
+    (CVE-2022-21727)
+  * Fixes a heap OOB access in FractionalAvgPoolGrad
+    (CVE-2022-21730)
+  * Fixes an overflow and divide by zero in UnravelIndex
+    (CVE-2022-21729)
+  * Fixes a type confusion in shape inference for ConcatV2
+    (CVE-2022-21731)
+  * Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)
+  * Fixes an OOM due to integer overflow in StringNGrams
+    (CVE-2022-21733)
+  * Fixes more issues caused by incomplete validation in boosted
+    trees code (CVE-2021-41208)
+  * Fixes an integer overflows in most sparse component-wise ops
+    (CVE-2022-23567)
+  * Fixes an integer overflows in AddManySparseToTensorsMap
+    (CVE-2022-23568)
+  * Fixes a number of CHECK-failures in MapStage (CVE-2022-21734)
+  * Fixes a division by zero in FractionalMaxPool (CVE-2022-21735)
+  * Fixes a number of CHECK-fails when building invalid/overflowing
+    tensor shapes (CVE-2022-23569)
+  * Fixes an undefined behavior in SparseTensorSliceDataset
+    (CVE-2022-21736)
+  * Fixes an assertion failure based denial of service via faulty
+    bin count operations (CVE-2022-21737)
+  * Fixes a reference binding to null pointer in QuantizedMaxPool
+    (CVE-2022-21739)
+  * Fixes an integer overflow leading to crash in
+    SparseCountSparseOutput (CVE-2022-21738)
+  * Fixes a heap overflow in SparseCountSparseOutput
+    (CVE-2022-21740)
+  * Fixes an FPE in BiasAndClamp in TFLite (CVE-2022-23557)
+  * Fixes an FPE in depthwise convolutions in TFLite
+    (CVE-2022-21741)
+  * Fixes an integer overflow in TFLite array creation
+    (CVE-2022-23558)
+  * Fixes an integer overflow in TFLite (CVE-2022-23559)
+  * Fixes a dangerous OOB write in TFLite (CVE-2022-23561)
+  * Fixes a vulnerability leading to read and write outside of
+    bounds in TFLite (CVE-2022-23560)
+  * Fixes a set of vulnerabilities caused by using insecure
+    temporary files (CVE-2022-23563)
+  * Fixes an integer overflow in Range resulting in undefined
+    behavior and OOM (CVE-2022-23562)
+  * Fixes a vulnerability where missing validation causes
+    tf.sparse.split to crash when axis is a tuple (CVE-2021-41206)
+  * Fixes a CHECK-fail when decoding resource handles from proto
+    (CVE-2022-23564)
+  * Fixes a CHECK-fail with repeated AttrDef (CVE-2022-23565)
+  * Fixes a heap OOB write in Grappler (CVE-2022-23566)
+  * Fixes a CHECK-fail when decoding invalid tensors from proto
+    (CVE-2022-23571)
+  * Fixes a null-dereference when specializing tensor type
+    (CVE-2022-23570)
+  * Fixes a crash when type cannot be specialized (CVE-2022-23572)
+  * Fixes a heap OOB read/write in SpecializeType (CVE-2022-23574)
+  * Fixes an unitialized variable access in AssignOp
+    (CVE-2022-23573)
+  * Fixes an integer overflow in
+    OpLevelCostEstimator::CalculateTensorSize (CVE-2022-23575)
+  * Fixes an integer overflow in
+    OpLevelCostEstimator::CalculateOutputSize (CVE-2022-23576)
+  * Fixes a null dereference in GetInitOp (CVE-2022-23577)
+  * Fixes a memory leak when a graph node is invalid
+    (CVE-2022-23578)
+  * Fixes an abort caused by allocating a vector that is too large
+    (CVE-2022-23580)
+  * Fixes multiple CHECK-failures during Grappler's
+    IsSimplifiableReshape (CVE-2022-23581)
+  * Fixes multiple CHECK-failures during Grappler's
+    SafeToRemoveIdentity (CVE-2022-23579)
+  * Fixes multiple CHECK-failures in TensorByteSize
+    (CVE-2022-23582)
+  * Fixes multiple CHECK-failures in binary ops due to type
+    confusion (CVE-2022-23583)
+  * Fixes a use after free in DecodePng kernel (CVE-2022-23584)
+  * Fixes a memory leak in decoding PNG images (CVE-2022-23585)
+  * Fixes multiple CHECK-fails in function.cc (CVE-2022-23586)
+  * Fixes multiple CHECK-fails due to attempting to build a
+    reference tensor (CVE-2022-23588)
+  * Fixes an integer overflow in Grappler cost estimation of crop
+    and resize operation (CVE-2022-23587)
+  * Fixes a null pointer dereference in Grappler's IsConstant
+    (CVE-2022-23589)
+  * Fixes a CHECK failure in constant folding (CVE-2021-41197)
+  * Fixes a stack overflow due to self-recursive function in
+    GraphDef (CVE-2022-23591)
+  * Fixes a crash due to erroneous StatusOr (CVE-2022-23590)
+  * Fixes multiple crashes and heap OOB accesses in TFG dialect
+    (MLIR) (CVE-2022-23594)
+  * Fixes a null pointer dereference in BuildXlaCompilationCache
+    (XLA) (CVE-2022-23595)
+  * Updates icu to 69.1 to handle CVE-2020-10531
+
+-------------------------------------------------------------------

Old:
----
  tensorflow-2.7.0.tar.gz

New:
----
  tensorflow-2.7.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tensorflow2.spec ++++++
--- /var/tmp/diff_new_pack.pIutx7/_old  2022-02-05 23:23:16.839884696 +0100
+++ /var/tmp/diff_new_pack.pIutx7/_new  2022-02-05 23:23:16.843884668 +0100
@@ -18,12 +18,12 @@
 
 #
 %define pname tensorflow2
-%define vers 2.7.0
+%define vers 2.7.1
 #%%define cand -rc4
-%define _vers 2_7_0
+%define _vers 2_7_1
 %define libmaj 2
 %define libmin 7
-%define libref 0
+%define libref 1
 %ifarch aarch64
 %define mklconfig mkl_aarch64
 %else
@@ -621,7 +621,7 @@
 
 %else
 # --- Build regular tensorflow (standard and hpc) ---
-%limit_build -m 3000
+%limit_build -m 6000
 
 %if %{with hpc}
 %hpc_setup











++++++ tensorflow-2.7.0.tar.gz -> tensorflow-2.7.1.tar.gz ++++++
/work/SRC/openSUSE:Factory/tensorflow2/tensorflow-2.7.0.tar.gz 
/work/SRC/openSUSE:Factory/.tensorflow2.new.1898/tensorflow-2.7.1.tar.gz 
differ: char 26, line 1

Reply via email to