public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Sandro <devel@penguinpee.nl>
To: git-commits@fedoraproject.org
Subject: [rpms/onnx] test-1.21.0: Update to 1.17.0 (RHBZ#2235011)
Date: Mon, 08 Jun 2026 15:18:23 GMT [thread overview]
Message-ID: <178093190320.1.15560401931607894410.rpms-onnx-4de8a450afd8@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/onnx
Branch : test-1.21.0
Commit : 4de8a450afd87b1ba1931f50d841e9c50b63d8a0
Author : Sandro <devel@penguinpee.nl>
Date : 2024-10-25T15:07:08+02:00
Stats : +116/-593 in 11 file(s)
URL : https://src.fedoraproject.org/rpms/onnx/c/4de8a450afd87b1ba1931f50d841e9c50b63d8a0?branch=test-1.21.0
Log:
Update to 1.17.0 (RHBZ#2235011)
- Add support for NumPy 2.x
---
diff --git a/.gitignore b/.gitignore
index 8369574..7a219dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
/onnx-1.14.0.tar.gz
/onnx-1.14.1.tar.gz
/onnx-1.15.0.tar.gz
+/onnx-1.17.0.tar.gz
diff --git a/0001-Add-what-is-missing-to-run-tox-disable-tests-that-re.patch b/0001-Add-what-is-missing-to-run-tox-disable-tests-that-re.patch
deleted file mode 100644
index cae0b44..0000000
--- a/0001-Add-what-is-missing-to-run-tox-disable-tests-that-re.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From aeae70249db9f93a6e279277e57fe8192abdf14e Mon Sep 17 00:00:00 2001
-From: Alejandro Alvarez Ayllon <a.alvarezayllon@gmail.com>
-Date: Sat, 24 Feb 2024 14:48:58 +0100
-Subject: [PATCH 1/6] Add what is missing to run tox, disable tests that
- require network
-
----
- setup.cfg | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/pyproject.toml b/pyproject.toml
-index 08b47ec6..b41056de 100644
---- a/pyproject.toml
-+++ b/pyproject.toml
-@@ -43,12 +43,21 @@ onnx = [
- "backend/test/data/**/*",
- ]
-
-+[tool.tox]
-+legacy_tox_ini = """
-+[tox]
-+envlist=py312
-+
-+[testenv]
-+deps=pytest
-+commands=pytest
-+"""
-+
- [tool.pytest.ini_options]
-
--addopts = "--nbval --nbval-current-env"
-+addopts = "--ignore=onnx/test/test_backend_test.py --ignore=onnx/test/reference_evaluator_backend_test.py --ignore=onnx/test/test_backend_reference.py --ignore=onnx/test/test_backend_onnxruntime.py --ignore=onnx/test/reference_evaluator_test.py"
- testpaths = [
- "onnx/test",
-- "onnx/examples",
- ]
-
- [tool.mypy]
diff --git a/0002-Build-shared-libraries-and-fix-install-location.patch b/0002-Build-shared-libraries-and-fix-install-location.patch
new file mode 100644
index 0000000..0d140bf
--- /dev/null
+++ b/0002-Build-shared-libraries-and-fix-install-location.patch
@@ -0,0 +1,73 @@
+From 057080c775b2dedcbc6308b04efe8bed8cdd27c7 Mon Sep 17 00:00:00 2001
+From: Alejandro Alvarez Ayllon <a.alvarezayllon@gmail.com>
+Date: Sat, 24 Feb 2024 14:48:45 +0100
+Subject: [PATCH 1/4] Build shared libraries and fix install location
+
+---
+ CMakeLists.txt | 22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index d15d97ed..d6e04d2e 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -466,7 +466,7 @@ list(REMOVE_ITEM __tmp_srcs "${ONNX_ROOT}/onnx/cpp2py_export.cc")
+ list(REMOVE_ITEM __tmp_srcs ${onnx_gtests_src})
+ list(APPEND ONNX_SRCS ${__tmp_srcs})
+
+-add_library(onnx_proto ${ONNX_PROTO_SRCS} ${ONNX_PROTO_HDRS})
++add_library(onnx_proto SHARED ${ONNX_PROTO_SRCS} ${ONNX_PROTO_HDRS})
+ add_dependencies(onnx_proto gen_onnx_operators_proto gen_onnx_data_proto)
+ target_include_directories(onnx_proto PUBLIC
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
+@@ -499,6 +499,8 @@ else()
+ set(ONNX_API_DEFINE "-DONNX_API=__attribute__\(\(__visibility__\(\"default\"\)\)\)")
+ set_target_properties(onnx_proto PROPERTIES CXX_VISIBILITY_PRESET hidden)
+ set_target_properties(onnx_proto PROPERTIES VISIBILITY_INLINES_HIDDEN 1)
++ set_target_properties(onnx_proto PROPERTIES VERSION ${ONNX_VERSION}
++ SOVERSION ${ONNX_VERSION})
+ endif()
+ target_compile_definitions(onnx_proto PRIVATE ${ONNX_API_DEFINE})
+
+@@ -522,7 +524,9 @@ if(CMAKE_SYSTEM_NAME STREQUAL "AIX")
+ # So, create a object library
+ add_library(onnx OBJECT ${ONNX_SRCS})
+ else()
+- add_library(onnx ${ONNX_SRCS})
++ add_library(onnx SHARED ${ONNX_SRCS})
++ set_target_properties(onnx PROPERTIES VERSION ${ONNX_VERSION}
++ SOVERSION ${ONNX_VERSION})
+ endif()
+
+ target_include_directories(onnx PUBLIC
+@@ -689,6 +693,17 @@ install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/onnx
+ FILES_MATCHING
+ PATTERN "*.h")
+
++install(DIRECTORY ${ONNX_ROOT}/onnx
++ DESTINATION "${PY_SITEARCH}"
++ FILES_MATCHING
++ PATTERN "*.py"
++ PATTERN "test/*" EXCLUDE )
++install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/onnx
++ DESTINATION "${PY_SITEARCH}"
++ FILES_MATCHING
++ PATTERN "*.py"
++ PATTERN "test/*" EXCLUDE )
++
+ configure_file(
+ ${PROJECT_SOURCE_DIR}/cmake/ONNXConfigVersion.cmake.in
+ ${PROJECT_BINARY_DIR}/ONNXConfigVersion.cmake
+@@ -747,6 +762,9 @@ endif()
+ install(TARGETS
+ onnx onnx_proto
+ EXPORT ONNXTargets DESTINATION ${CMAKE_INSTALL_LIBDIR})
++install(TARGETS
++ onnx_cpp2py_export
++ DESTINATION "${PY_SITEARCH}/onnx")
+
+ if(ONNX_BUILD_TESTS)
+ include(${ONNX_ROOT}/cmake/unittest.cmake)
+--
+2.46.2
+
diff --git a/0002-Use-system-protobuf-and-require-parameterized.patch b/0002-Use-system-protobuf-and-require-parameterized.patch
index 46ec867..6fe771f 100644
--- a/0002-Use-system-protobuf-and-require-parameterized.patch
+++ b/0002-Use-system-protobuf-and-require-parameterized.patch
@@ -1,22 +1,21 @@
-From c473c1da2c99ce46ccd8e23f40b963e36a09b918 Mon Sep 17 00:00:00 2001
+From 30745ee623fb1fe7531d6399e54b5ffe411446f5 Mon Sep 17 00:00:00 2001
From: Alejandro Alvarez Ayllon <a.alvarezayllon@gmail.com>
Date: Sat, 24 Feb 2024 14:52:25 +0100
-Subject: [PATCH 2/6] Use system protobuf and require parameterized
+Subject: [PATCH 2/4] Use system protobuf and require parameterized
---
- requirements.txt | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+ requirements.txt | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
-index 115d48af..1f63e29e 100644
+index 7f3a9ad0..46dd7f7f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,3 @@
- numpy
+ numpy>=1.20
-protobuf>=3.20.2
+protobuf >= 3.14.0, < 4
+parameterized >= 0.8.1, < 1
-
--
-2.43.0
+2.46.2
diff --git a/0003-Let-pyproject_wheel-use-binaries-from-cmake_build.patch b/0003-Let-pyproject_wheel-use-binaries-from-cmake_build.patch
index ba4c067..269169b 100644
--- a/0003-Let-pyproject_wheel-use-binaries-from-cmake_build.patch
+++ b/0003-Let-pyproject_wheel-use-binaries-from-cmake_build.patch
@@ -1,17 +1,17 @@
-From 70163ab2db43137150e4f98448a9215c40da0f27 Mon Sep 17 00:00:00 2001
+From 75e1082f2d17c2c2ccb3c38b429fa24a4b45bbea Mon Sep 17 00:00:00 2001
From: Alejandro Alvarez Ayllon <a.alvarezayllon@gmail.com>
Date: Sat, 24 Feb 2024 14:53:10 +0100
-Subject: [PATCH 3/6] Let pyproject_wheel use binaries from cmake_build
+Subject: [PATCH 3/4] Let pyproject_wheel use binaries from cmake_build
---
- setup.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ setup.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
-index 40b93e3e..3141201b 100644
+index 7d2cb9e5..af9049a1 100644
--- a/setup.py
+++ b/setup.py
-@@ -26,7 +26,7 @@ import setuptools.command.build_py
+@@ -27,7 +27,7 @@ import setuptools.command.build_py
import setuptools.command.develop
TOP_DIR = os.path.realpath(os.path.dirname(__file__))
@@ -20,7 +20,7 @@ index 40b93e3e..3141201b 100644
WINDOWS = os.name == "nt"
-@@ -156,6 +156,7 @@ class CmakeBuild(setuptools.Command):
+@@ -151,6 +151,7 @@ class CmakeBuild(setuptools.Command):
self.jobs = multiprocessing.cpu_count() if self.jobs is None else int(self.jobs)
def run(self):
@@ -29,5 +29,5 @@ index 40b93e3e..3141201b 100644
with cd(CMAKE_BUILD_DIR):
--
-2.43.0
+2.46.2
diff --git a/0004-Add-fixes-for-use-with-onnxruntime.patch b/0004-Add-fixes-for-use-with-onnxruntime.patch
index 4bb113f..68b4c6d 100644
--- a/0004-Add-fixes-for-use-with-onnxruntime.patch
+++ b/0004-Add-fixes-for-use-with-onnxruntime.patch
@@ -1,7 +1,7 @@
-From d56561394732a980e2b2d643e323151862ea93ff Mon Sep 17 00:00:00 2001
+From 9809f77792517d0ace2874a84a181e8fe3766d8d Mon Sep 17 00:00:00 2001
From: Alejandro Alvarez Ayllon <a.alvarezayllon@gmail.com>
Date: Sat, 24 Feb 2024 14:53:33 +0100
-Subject: [PATCH 4/6] Add fixes for use with onnxruntime
+Subject: [PATCH 4/4] Add fixes for use with onnxruntime
---
onnx/defs/schema.cc | 14 ++++++++++++++
@@ -10,10 +10,10 @@ Subject: [PATCH 4/6] Add fixes for use with onnxruntime
create mode 100644 onnx/onnxruntime_fix.h
diff --git a/onnx/defs/schema.cc b/onnx/defs/schema.cc
-index 813cd07a..9faaba21 100644
+index 74bd0a63..573d0901 100644
--- a/onnx/defs/schema.cc
+++ b/onnx/defs/schema.cc
-@@ -19,8 +19,19 @@
+@@ -21,8 +21,19 @@
#include "onnx/common/assertions.h"
#include "onnx/defs/parser.h"
@@ -33,7 +33,7 @@ index 813cd07a..9faaba21 100644
// -1 means ONNX schema hasn't been loaded yet
// 0 means all versions of ONNX schema have been loaded
// Other positive integer means the ONNX schemas for the specified version have been loaded
-@@ -1053,6 +1064,9 @@ OpName_Domain_Version_Schema_Map& OpSchemaRegistry::map() {
+@@ -1091,6 +1102,9 @@ OpName_Domain_Version_Schema_Map& OpSchemaRegistry::map() {
class SchemasRegisterer {
public:
SchemasRegisterer() {
@@ -63,3 +63,6 @@ index 00000000..2495b931
+};
+
+} // namespace ONNX_NAMESPACE
+--
+2.46.2
+
diff --git a/0005-Fix-path-sanitization-bypass-leading-to-arbitrary-re.patch b/0005-Fix-path-sanitization-bypass-leading-to-arbitrary-re.patch
deleted file mode 100644
index 8071b9f..0000000
--- a/0005-Fix-path-sanitization-bypass-leading-to-arbitrary-re.patch
+++ /dev/null
@@ -1,378 +0,0 @@
-From da2c24b4a9ae802efe8768962308c784cda871e2 Mon Sep 17 00:00:00 2001
-From: liqun Fu <liqfu@microsoft.com>
-Date: Mon, 19 Feb 2024 11:12:40 -0800
-Subject: [PATCH 5/6] Fix path sanitization bypass leading to arbitrary read
- (#5917)
-
-Signed-off-by: liqunfu <liqun.fu@microsoft.com>
-Signed-off-by: liqun Fu <liqun.fu@microsoft.com>
-Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
-(cherry picked from commit 66b7fb630903fdcf3e83b6b6d56d82e904264a20)
----
- onnx/checker.cc | 168 +++++++++++++++++---------------
- onnx/checker.h | 5 +
- onnx/common/path.h | 15 ++-
- onnx/cpp2py_export.cc | 2 +
- onnx/external_data_helper.py | 15 +--
- onnx/test/test_external_data.py | 49 ++++++++++
- 6 files changed, 161 insertions(+), 93 deletions(-)
-
-diff --git a/onnx/checker.cc b/onnx/checker.cc
-index fac56f56..66716e97 100644
---- a/onnx/checker.cc
-+++ b/onnx/checker.cc
-@@ -13,7 +13,6 @@
- #include <vector>
-
- #include "onnx/common/file_utils.h"
--#include "onnx/common/path.h"
- #include "onnx/defs/schema.h"
- #include "onnx/defs/tensor_proto_util.h"
- #include "onnx/proto_utils.h"
-@@ -135,85 +134,7 @@ void check_tensor(const TensorProto& tensor, const CheckerContext& ctx) {
- for (const StringStringEntryProto& entry : tensor.external_data()) {
- if (entry.has_key() && entry.has_value() && entry.key() == "location") {
- has_location = true;
--#ifdef _WIN32
-- auto file_path = std::filesystem::path(utf8str_to_wstring(entry.value()));
-- if (file_path.is_absolute()) {
-- fail_check(
-- "Location of external TensorProto ( tensor name: ",
-- tensor.name(),
-- ") should be a relative path, but it is an absolute path: ",
-- entry.value());
-- }
-- auto relative_path = file_path.lexically_normal().make_preferred().wstring();
-- // Check that normalized relative path contains ".." on Windows.
-- if (relative_path.find(L"..", 0) != std::string::npos) {
-- fail_check(
-- "Data of TensorProto ( tensor name: ",
-- tensor.name(),
-- ") should be file inside the ",
-- ctx.get_model_dir(),
-- ", but the '",
-- entry.value(),
-- "' points outside the directory");
-- }
-- std::wstring data_path = path_join(utf8str_to_wstring(ctx.get_model_dir()), relative_path);
-- struct _stat64 buff;
-- if (_wstat64(data_path.c_str(), &buff) != 0) {
-- fail_check(
-- "Data of TensorProto ( tensor name: ",
-- tensor.name(),
-- ") should be stored in ",
-- entry.value(),
-- ", but it doesn't exist or is not accessible.");
-- }
--#else // POSIX
-- if (entry.value().empty()) {
-- fail_check("Location of external TensorProto ( tensor name: ", tensor.name(), ") should not be empty.");
-- } else if (entry.value()[0] == '/') {
-- fail_check(
-- "Location of external TensorProto ( tensor name: ",
-- tensor.name(),
-- ") should be a relative path, but it is an absolute path: ",
-- entry.value());
-- }
-- std::string relative_path = clean_relative_path(entry.value());
-- // Check that normalized relative path contains ".." on POSIX
-- if (relative_path.find("..", 0) != std::string::npos) {
-- fail_check(
-- "Data of TensorProto ( tensor name: ",
-- tensor.name(),
-- ") should be file inside the ",
-- ctx.get_model_dir(),
-- ", but the '",
-- entry.value(),
-- "' points outside the directory");
-- }
-- std::string data_path = path_join(ctx.get_model_dir(), relative_path);
-- // use stat64 to check whether the file exists
--#if defined(__APPLE__) || defined(__wasm__) || !defined(__GLIBC__)
-- struct stat buffer; // APPLE, wasm and non-glic stdlibs do not have stat64
-- if (stat((data_path).c_str(), &buffer) != 0) {
--#else
-- struct stat64 buffer; // All POSIX under glibc except APPLE and wasm have stat64
-- if (stat64((data_path).c_str(), &buffer) != 0) {
--#endif
-- fail_check(
-- "Data of TensorProto ( tensor name: ",
-- tensor.name(),
-- ") should be stored in ",
-- data_path,
-- ", but it doesn't exist or is not accessible.");
-- }
-- // Do not allow symlinks or directories.
-- if (!S_ISREG(buffer.st_mode)) {
-- fail_check(
-- "Data of TensorProto ( tensor name: ",
-- tensor.name(),
-- ") should be stored in ",
-- data_path,
-- ", but it is not regular file.");
-- }
--#endif
-+ resolve_external_data_location(ctx.get_model_dir(), entry.value(), tensor.name());
- }
- }
- if (!has_location) {
-@@ -1054,6 +975,93 @@ void check_model(const ModelProto& model, bool full_check, bool skip_opset_compa
- }
- }
-
-+std::string resolve_external_data_location(
-+ const std::string& base_dir,
-+ const std::string& location,
-+ const std::string& tensor_name) {
-+#ifdef _WIN32
-+ auto file_path = std::filesystem::path(utf8str_to_wstring(location));
-+ if (file_path.is_absolute()) {
-+ fail_check(
-+ "Location of external TensorProto ( tensor name: ",
-+ tensor_name,
-+ ") should be a relative path, but it is an absolute path: ",
-+ location);
-+ }
-+ auto relative_path = file_path.lexically_normal().make_preferred().wstring();
-+ // Check that normalized relative path contains ".." on Windows.
-+ if (relative_path.find(L"..", 0) != std::string::npos) {
-+ fail_check(
-+ "Data of TensorProto ( tensor name: ",
-+ tensor_name,
-+ ") should be file inside the ",
-+ base_dir,
-+ ", but the '",
-+ location,
-+ "' points outside the directory");
-+ }
-+ std::wstring data_path = path_join(utf8str_to_wstring(base_dir), relative_path);
-+ struct _stat64 buff;
-+ if (data_path.empty() || (data_path[0] != '#' && _wstat64(data_path.c_str(), &buff) != 0)) {
-+ fail_check(
-+ "Data of TensorProto ( tensor name: ",
-+ tensor_name,
-+ ") should be stored in ",
-+ location,
-+ ", but it doesn't exist or is not accessible.");
-+ }
-+ return wstring_to_utf8str(data_path);
-+#else // POSIX
-+ if (location.empty()) {
-+ fail_check("Location of external TensorProto ( tensor name: ", tensor_name, ") should not be empty.");
-+ } else if (location[0] == '/') {
-+ fail_check(
-+ "Location of external TensorProto ( tensor name: ",
-+ tensor_name,
-+ ") should be a relative path, but it is an absolute path: ",
-+ location);
-+ }
-+ std::string relative_path = clean_relative_path(location);
-+ // Check that normalized relative path contains ".." on POSIX
-+ if (relative_path.find("..", 0) != std::string::npos) {
-+ fail_check(
-+ "Data of TensorProto ( tensor name: ",
-+ tensor_name,
-+ ") should be file inside the ",
-+ base_dir,
-+ ", but the '",
-+ location,
-+ "' points outside the directory");
-+ }
-+ std::string data_path = path_join(base_dir, relative_path);
-+ // use stat64 to check whether the file exists
-+#if defined(__APPLE__) || defined(__wasm__) || !defined(__GLIBC__)
-+ struct stat buffer; // APPLE, wasm and non-glic stdlibs do not have stat64
-+ if (data_path.empty() || (data_path[0] != '#' && stat((data_path).c_str(), &buffer) != 0)) {
-+#else
-+ struct stat64 buffer; // All POSIX under glibc except APPLE and wasm have stat64
-+ if (data_path.empty() || (data_path[0] != '#' && stat64((data_path).c_str(), &buffer) != 0)) {
-+#endif
-+ fail_check(
-+ "Data of TensorProto ( tensor name: ",
-+ tensor_name,
-+ ") should be stored in ",
-+ data_path,
-+ ", but it doesn't exist or is not accessible.");
-+ }
-+ // Do not allow symlinks or directories.
-+ if (data_path.empty() || (data_path[0] != '#' && !S_ISREG(buffer.st_mode))) {
-+ fail_check(
-+ "Data of TensorProto ( tensor name: ",
-+ tensor_name,
-+ ") should be stored in ",
-+ data_path,
-+ ", but it is not regular file.");
-+ }
-+ return data_path;
-+#endif
-+}
-+
- std::set<std::string> experimental_ops = {
- "ATen",
- "Affine",
-diff --git a/onnx/checker.h b/onnx/checker.h
-index 6796acab..83012213 100644
---- a/onnx/checker.h
-+++ b/onnx/checker.h
-@@ -160,7 +160,10 @@ void check_model_local_functions(
-
- void check_model(const ModelProto& model, bool full_check = false, bool skip_opset_compatibility_check = false);
- void check_model(const std::string& model_path, bool full_check = false, bool skip_opset_compatibility_check = false);
--
-+std::string resolve_external_data_location(
-+ const std::string& base_dir,
-+ const std::string& location,
-+ const std::string& tensor_name);
- bool check_is_experimental_op(const NodeProto& node);
-
- } // namespace checker
-diff --git a/onnx/common/path.h b/onnx/common/path.h
-index 6eaf5e67..09212747 100644
---- a/onnx/common/path.h
-+++ b/onnx/common/path.h
-@@ -31,11 +31,22 @@ inline std::wstring utf8str_to_wstring(const std::string& utf8str) {
- if (utf8str.size() > INT_MAX) {
- fail_check("utf8str_to_wstring: string is too long for converting to wstring.");
- }
-- int size_required = MultiByteToWideChar(CP_UTF8, 0, utf8str.c_str(), (int)utf8str.size(), NULL, 0);
-+ int size_required = MultiByteToWideChar(CP_UTF8, 0, utf8str.c_str(), static_cast<int>(utf8str.size()), NULL, 0);
- std::wstring ws_str(size_required, 0);
-- MultiByteToWideChar(CP_UTF8, 0, utf8str.c_str(), (int)utf8str.size(), &ws_str[0], size_required);
-+ MultiByteToWideChar(CP_UTF8, 0, utf8str.c_str(), static_cast<int>(utf8str.size()), &ws_str[0], size_required);
- return ws_str;
- }
-+inline std::string wstring_to_utf8str(const std::wstring& ws_str) {
-+ if (ws_str.size() > INT_MAX) {
-+ fail_check("wstring_to_utf8str: string is too long for converting to UTF-8.");
-+ }
-+ int size_required =
-+ WideCharToMultiByte(CP_UTF8, 0, ws_str.c_str(), static_cast<int>(ws_str.size()), NULL, 0, NULL, NULL);
-+ std::string utf8str(size_required, 0);
-+ WideCharToMultiByte(
-+ CP_UTF8, 0, ws_str.c_str(), static_cast<int>(ws_str.size()), &utf8str[0], size_required, NULL, NULL);
-+ return utf8str;
-+}
-
- #else
- std::string path_join(const std::string& origin, const std::string& append);
-diff --git a/onnx/cpp2py_export.cc b/onnx/cpp2py_export.cc
-index bc2594db..83cea68f 100644
---- a/onnx/cpp2py_export.cc
-+++ b/onnx/cpp2py_export.cc
-@@ -545,6 +545,8 @@ PYBIND11_MODULE(onnx_cpp2py_export, onnx_cpp2py_export) {
- "full_check"_a = false,
- "skip_opset_compatibility_check"_a = false);
-
-+ checker.def("_resolve_external_data_location", &checker::resolve_external_data_location);
-+
- // Submodule `version_converter`
- auto version_converter = onnx_cpp2py_export.def_submodule("version_converter");
- version_converter.doc() = "VersionConverter submodule";
-diff --git a/onnx/external_data_helper.py b/onnx/external_data_helper.py
-index bbc2717f..05c486c6 100644
---- a/onnx/external_data_helper.py
-+++ b/onnx/external_data_helper.py
-@@ -8,6 +8,7 @@ import uuid
- from itertools import chain
- from typing import Callable, Iterable, Optional
-
-+import onnx.onnx_cpp2py_export.checker as c_checker
- from onnx.onnx_pb import AttributeProto, GraphProto, ModelProto, TensorProto
-
-
-@@ -39,9 +40,9 @@ def load_external_data_for_tensor(tensor: TensorProto, base_dir: str) -> None:
- base_dir: directory that contains the external data.
- """
- info = ExternalDataInfo(tensor)
-- file_location = _sanitize_path(info.location)
-- external_data_file_path = os.path.join(base_dir, file_location)
--
-+ external_data_file_path = c_checker._resolve_external_data_location( # type: ignore[attr-defined]
-+ base_dir, info.location, tensor.name
-+ )
- with open(external_data_file_path, "rb") as data_file:
- if info.offset:
- data_file.seek(info.offset)
-@@ -259,14 +260,6 @@ def _get_attribute_tensors(onnx_model_proto: ModelProto) -> Iterable[TensorProto
- yield from _get_attribute_tensors_from_graph(onnx_model_proto.graph)
-
-
--def _sanitize_path(path: str) -> str:
-- """Remove path components which would allow traversing up a directory tree from a base path.
--
-- Note: This method is currently very basic and should be expanded.
-- """
-- return path.lstrip("/.")
--
--
- def _is_valid_filename(filename: str) -> bool:
- """Utility to check whether the provided filename is valid."""
- exp = re.compile('^[^<>:;,?"*|/]+$')
-diff --git a/onnx/test/test_external_data.py b/onnx/test/test_external_data.py
-index 63f6b4ef..bb14d279 100644
---- a/onnx/test/test_external_data.py
-+++ b/onnx/test/test_external_data.py
-@@ -3,6 +3,7 @@
- # SPDX-License-Identifier: Apache-2.0
- from __future__ import annotations
-
-+import itertools
- import os
- import pathlib
- import tempfile
-@@ -204,6 +205,52 @@ class TestLoadExternalDataSingleFile(TestLoadExternalDataBase):
- attribute_tensor = new_model.graph.node[0].attribute[0].t
- np.testing.assert_allclose(to_array(attribute_tensor), self.attribute_value)
-
-+ @parameterized.parameterized.expand(itertools.product((True, False), (True, False)))
-+ def test_save_external_invalid_single_file_data_and_check(
-+ self, use_absolute_path: bool, use_model_path: bool
-+ ) -> None:
-+ model = onnx.load_model(self.model_filename, self.serialization_format)
-+
-+ model_dir = os.path.join(self.temp_dir, "save_copy")
-+ os.mkdir(model_dir)
-+
-+ traversal_external_data_dir = os.path.join(
-+ self.temp_dir, "invlid_external_data"
-+ )
-+ os.mkdir(traversal_external_data_dir)
-+
-+ if use_absolute_path:
-+ traversal_external_data_location = os.path.join(
-+ traversal_external_data_dir, "tensors.bin"
-+ )
-+ else:
-+ traversal_external_data_location = "../invlid_external_data/tensors.bin"
-+
-+ external_data_dir = os.path.join(self.temp_dir, "external_data")
-+ os.mkdir(external_data_dir)
-+ new_model_filepath = os.path.join(model_dir, "model.onnx")
-+
-+ def convert_model_to_external_data_no_check(model: ModelProto, location: str):
-+ for tensor in model.graph.initializer:
-+ if tensor.HasField("raw_data"):
-+ set_external_data(tensor, location)
-+
-+ convert_model_to_external_data_no_check(
-+ model,
-+ location=traversal_external_data_location,
-+ )
-+
-+ onnx.save_model(model, new_model_filepath, self.serialization_format)
-+ if use_model_path:
-+ with self.assertRaises(onnx.checker.ValidationError):
-+ _ = onnx.load_model(new_model_filepath, self.serialization_format)
-+ else:
-+ onnx_model = onnx.load_model(
-+ new_model_filepath, self.serialization_format, load_external_data=False
-+ )
-+ with self.assertRaises(onnx.checker.ValidationError):
-+ load_external_data_for_model(onnx_model, external_data_dir)
-+
-
- @parameterized.parameterized_class(
- [
---
-2.43.0
-
diff --git a/0006-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch b/0006-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch
deleted file mode 100644
index c659dd2..0000000
--- a/0006-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 69502bca61dafaa40b4315ea1cb03db96ae55304 Mon Sep 17 00:00:00 2001
-From: liqun Fu <liqfu@microsoft.com>
-Date: Fri, 9 Feb 2024 14:45:49 -0800
-Subject: [PATCH 6/6] Fix Out of bounds read due to lack of string termination
- in assert (#5918)
-
-Signed-off-by: liqunfu <liqun.fu@microsoft.com>
-Co-authored-by: G. Ramalingam <grama@microsoft.com>
-(cherry picked from commit 08a399ba75a805b7813ab8936b91d0e274b08287)
----
- onnx/common/assertions.cc | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/onnx/common/assertions.cc b/onnx/common/assertions.cc
-index 29c07ba0..7675c453 100644
---- a/onnx/common/assertions.cc
-+++ b/onnx/common/assertions.cc
-@@ -9,6 +9,7 @@
-
- #include "onnx/common/assertions.h"
-
-+#include <array>
- #include <cstdarg>
- #include <cstdio>
-
-@@ -17,16 +18,20 @@
- namespace ONNX_NAMESPACE {
-
- std::string barf(const char* fmt, ...) {
-- char msg[2048];
-+ constexpr size_t buffer_size = 2048;
-+ std::array<char, buffer_size> msg{};
- va_list args;
-
- va_start(args, fmt);
-- // Although vsnprintf might have vulnerability issue while using format string with overflowed length,
-- // it should be safe here to use fixed length for buffer "msg". No further checking is needed.
-- vsnprintf(msg, 2048, fmt, args);
-+
-+ // use fixed length for buffer "msg" to avoid buffer overflow
-+ vsnprintf(static_cast<char*>(msg.data()), msg.size() - 1, fmt, args);
-+
-+ // ensure null-terminated string to avoid out of bounds read
-+ msg.back() = '\0';
- va_end(args);
-
-- return std::string(msg);
-+ return std::string(msg.data());
- }
-
- void throw_assert_error(std::string& msg) {
---
-2.43.0
-
diff --git a/0007-Mitigate-tarball-directory-traversal-risks-6164.patch b/0007-Mitigate-tarball-directory-traversal-risks-6164.patch
deleted file mode 100644
index b64086b..0000000
--- a/0007-Mitigate-tarball-directory-traversal-risks-6164.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From dd0a5b8b4ede6b27a51f571bb5587e075b8b1c20 Mon Sep 17 00:00:00 2001
-From: sunflowersxu <166728538+sunflowersxu@users.noreply.github.com>
-Date: Thu, 13 Jun 2024 01:47:14 +0800
-Subject: [PATCH 7/7] Mitigate tarball directory traversal risks (#6164)
-
-Hi, this pr is cleaner version than #6145
-
-Signed-off-by: sunriseXu <15927176697@163.com>
-Co-authored-by: sunriseXu <15927176697@163.com>
-Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
-(cherry picked from commit 3fc3845edb048df559aa2a839e39e95503a0ee34)
----
- onnx/hub.py | 43 ++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 42 insertions(+), 1 deletion(-)
-
-diff --git a/onnx/hub.py b/onnx/hub.py
-index e5ca9e2c..d27bbc78 100644
---- a/onnx/hub.py
-+++ b/onnx/hub.py
-@@ -271,6 +271,35 @@ def load(
- return onnx.load(cast(IO[bytes], BytesIO(model_bytes)))
-
-
-+def _tar_members_filter(tar: tarfile.TarFile, base: str) -> list[tarfile.TarInfo]:
-+ """Check that the content of ``tar`` will be extracted safely
-+
-+ Args:
-+ tar: The tarball file
-+ base: The directory where the tarball will be extracted
-+
-+ Returns:
-+ list of tarball members
-+ """
-+ result = []
-+ for member in tar:
-+ member_path = os.path.join(base, member.name)
-+ abs_base = os.path.abspath(base)
-+ abs_member = os.path.abspath(member_path)
-+ if not abs_member.startswith(abs_base):
-+ raise RuntimeError(
-+ f"The tarball member {member_path} in downloading model contains "
-+ f"directory traversal sequence which may contain harmful payload."
-+ )
-+ elif member.issym() or member.islnk():
-+ raise RuntimeError(
-+ f"The tarball member {member_path} in downloading model contains "
-+ f"symbolic links which may contain harmful payload."
-+ )
-+ result.append(member)
-+ return result
-+
-+
- def download_model_with_test_data(
- model: str,
- repo: str = "onnx/models:main",
-@@ -280,6 +309,7 @@ def download_model_with_test_data(
- ) -> Optional[str]:
- """
- Downloads a model along with test data by name from the onnx model hub and returns the directory to which the files have been extracted.
-+ Users are responsible for making sure the model comes from a trusted source, and the data is safe to be extracted.
-
- :param model: The name of the onnx model in the manifest. This field is case-sensitive
- :param repo: The location of the model repo in format "user/repo[:branch]".
-@@ -342,7 +372,18 @@ def download_model_with_test_data(
- local_model_with_data_dir_path = local_model_with_data_path[
- 0 : len(local_model_with_data_path) - 7
- ]
-- model_with_data_zipped.extractall(local_model_with_data_dir_path)
-+ # Mitigate tarball directory traversal risks
-+ if hasattr(tarfile, "data_filter"):
-+ model_with_data_zipped.extractall(
-+ path=local_model_with_data_dir_path, filter="data"
-+ )
-+ else:
-+ model_with_data_zipped.extractall(
-+ path=local_model_with_data_dir_path,
-+ members=_tar_members_filter(
-+ model_with_data_zipped, local_model_with_data_dir_path
-+ ),
-+ )
- model_with_data_path = (
- local_model_with_data_dir_path
- + "/"
---
-2.45.2
-
diff --git a/onnx.spec b/onnx.spec
index ad51c87..426e861 100644
--- a/onnx.spec
+++ b/onnx.spec
@@ -1,6 +1,6 @@
Name: onnx
-Version: 1.15.0
-Release: 4%{?dist}
+Version: 1.17.0
+Release: 1%{?dist}
Summary: Open standard for machine learning interoperability
License: Apache-2.0
@@ -8,20 +8,12 @@ URL: https://github.com/onnx/onnx
Source0: https://github.com/onnx/onnx/archive/v%{version}/%{name}-%{version}.tar.gz
# Build shared libraries and fix install location
Patch0: 0000-Build-shared-libraries-and-fix-install-location.patch
-# Add what is missing to run tox, disable tests that require network
-Patch1: 0001-Add-what-is-missing-to-run-tox-disable-tests-that-re.patch
# Use system protobuf and require parameterized
Patch2: 0002-Use-system-protobuf-and-require-parameterized.patch
# Let pyproject_wheel use binaries from cmake_build
Patch3: 0003-Let-pyproject_wheel-use-binaries-from-cmake_build.patch
# Add fixes for use with onnxruntime
Patch4: 0004-Add-fixes-for-use-with-onnxruntime.patch
-# Backport of fix for CVE-2024-27318
-Patch5: 0005-Fix-path-sanitization-bypass-leading-to-arbitrary-re.patch
-# Backport of fix for CVE-2024-27319
-Patch6: 0006-Fix-Out-of-bounds-read-due-to-lack-of-string-termina.patch
-# Backport of fix for CVE-2024-5187
-Patch7: 0007-Mitigate-tarball-directory-traversal-risks-6164.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2212096
ExcludeArch: s390x
@@ -35,6 +27,7 @@ BuildRequires: zlib-devel
BuildRequires: python3-devel
BuildRequires: python3-pip
BuildRequires: python3-pybind11
+BuildRequires: python3-pytest
BuildRequires: protobuf-devel
%global _description %{expand:
@@ -64,8 +57,17 @@ Requires: %{name}-libs = %{version}-%{release}
%prep
%autosetup -p1 -n onnx-%{version}
+# Use system protobuf
+sed -r -i 's/protobuf>=3.20.2/protobuf>=3.14.0/' pyproject.toml
+
+# Drop nbval options from pytest. Plugin is not available in Fedora.
+sed -r \
+ -e 's/--nbval //' \
+ -e 's/--nbval-current-env //' \
+ -i pyproject.toml
+
%generate_buildrequires
-%pyproject_buildrequires -t
+%pyproject_buildrequires -t requirements-reference.txt
%build
%cmake \
@@ -96,7 +98,7 @@ install -p "./onnx/"*.proto -t "%{buildroot}/%{_includedir}/onnx/"
%check
export LD_LIBRARY_PATH=%{buildroot}/%{_libdir}
-%tox
+%pytest
%files libs
%license LICENSE
@@ -116,6 +118,10 @@ export LD_LIBRARY_PATH=%{buildroot}/%{_libdir}
%{_bindir}/check-node
%changelog
+* Fri Oct 25 2024 Sandro <devel@penguinpee.nl> - 1.17.0-1
+- Update to 1.17.0 (RHBZ#2235011)
+- Add support for NumPy 2.x
+
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
@@ -175,4 +181,3 @@ export LD_LIBRARY_PATH=%{buildroot}/%{_libdir}
* Wed Nov 23 2022 Alejandro Alvarez Ayllon <aalvarez@fedoraproject.org> - 1.12.0-1
- Release 1.12.0
-
diff --git a/sources b/sources
index b065a96..e375b38 100644
--- a/sources
+++ b/sources
@@ -1,3 +1 @@
-SHA512 (onnx-1.14.0.tar.gz) = 8a525b365fd203f0a59bcf82fa7f2e29d7e0563885ebe38269c596cd4eb949bcfc65d848b92b7abafa7ddecedcfc019f8779097ffcb5087f06037cace24462fc
-SHA512 (onnx-1.14.1.tar.gz) = f846fffb286c4aeadc01462f220515f0a5c2ce1cbec849da7092a08c2676f8308af7315318a2866e9182f9aed719984ef95a9ddc69ffe0e62e40664395df5efd
-SHA512 (onnx-1.15.0.tar.gz) = b46a4ab70af88053318eba45251c1f71528f15e45a33042877570e8d857febd3ec66e2e811fcda2105a4f17b84c9a1c6a0aaa22756c3287321b3ea29e83127fd
+SHA512 (onnx-1.17.0.tar.gz) = 5a18e2b19ec9c18c8b115fb7e12ed98eddaa581c95f15c4dd420cd6c86e7caa04f9a393da589e76b89cf9b3544abd3749a8c77c2446782f37502eb74e9b1f661
reply other threads:[~2026-06-08 15:18 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178093190320.1.15560401931607894410.rpms-onnx-4de8a450afd8@fedoraproject.org \
--to=devel@penguinpee.nl \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox