[22.11] python3Packages.tensorflow: add patches for many CVEs #224988
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 task
(cherry picked from commit c9deaf2)
risicle
force-pushed
the
ris-tensorflow-CVEs-202303-r22.11
branch
from
fa0d047
to
0431d34
Compare
|
Builds successfully on |
|
Builds on x86_64-darwin, and a built-in command produces help output: $ nix build github:NixOS/nixpkgs/pull/224988/head#python3Packages.tensorflow
$ ./result/bin/saved_model_cli --help
2023-04-08 11:30:17.299860: I tensorflow/core/platform/cpu_feature_guard.cc:193] This TensorFlow binary is optimized with oneAPI Deep Neural Network Library (oneDNN) to use the following CPU instructions in performance-critical operations: SSE4.2 AVX AVX2 FMA
To enable them in other operations, rebuild TensorFlow with the appropriate compiler flags.
usage: saved_model_cli [-h] [-v] {show,run,scan,convert,aot_compile_cpu,freeze_model} ...
saved_model_cli: Command-line interface for SavedModel
options:
-h, --help show this help message and exit
-v, --version show program's version number and exit
commands:
valid commands
{show,run,scan,convert,aot_compile_cpu,freeze_model}
additional help |
12 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
https://nvd.nist.gov/vuln/detail/CVE-2023-27579
https://nvd.nist.gov/vuln/detail/CVE-2023-25801
https://nvd.nist.gov/vuln/detail/CVE-2023-25676
https://nvd.nist.gov/vuln/detail/CVE-2023-25675
https://nvd.nist.gov/vuln/detail/CVE-2023-25674
https://nvd.nist.gov/vuln/detail/CVE-2023-25673
https://nvd.nist.gov/vuln/detail/CVE-2023-25671
https://nvd.nist.gov/vuln/detail/CVE-2023-25670
https://nvd.nist.gov/vuln/detail/CVE-2023-25669
Not https://nvd.nist.gov/vuln/detail/CVE-2023-25668 (see tensorflow/tensorflow@1c2e7f4)
https://nvd.nist.gov/vuln/detail/CVE-2023-25667
https://nvd.nist.gov/vuln/detail/CVE-2023-25665
https://nvd.nist.gov/vuln/detail/CVE-2023-25666
https://nvd.nist.gov/vuln/detail/CVE-2023-25664
https://nvd.nist.gov/vuln/detail/CVE-2023-25663
https://nvd.nist.gov/vuln/detail/CVE-2023-25662
https://nvd.nist.gov/vuln/detail/CVE-2023-25660
https://nvd.nist.gov/vuln/detail/CVE-2023-25659
https://nvd.nist.gov/vuln/detail/CVE-2023-25658
Still have to mark the
-binvariant insecure as we can't patch that.Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)