Merge PR "[AUTO-CHERRYPICK] Bug 61292688 : Fix patch for CVE-2026-24747 - branch main" #16153

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>

Author: 4 people

SPECS/pytorch/CVE-2026-24747.patch

@@ -5,16 +5,16 @@ Subject: [PATCH] override SWALR.state_dict and load_state_dict (#163122)
 
 Fixes #163105
 
-- Add typing_extensions.override
 - Use _set_anneal_func to set anneal function
 - Implement state_dict and load_state_dict for SWALR excluding optimizer and anneal_func
 
 Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
 Upstream-reference: AI Backport of https://github.com/pytorch/pytorch/commit/167ad09be5af5c52666759412a3804068c6955d1.patch
+
 ---
  test/test_optim.py       | 16 ++++++++++++++++
- torch/optim/swa_utils.py | 37 +++++++++++++++++++++++++++++++++----
- 2 files changed, 49 insertions(+), 4 deletions(-)
+ torch/optim/swa_utils.py | 35 +++++++++++++++++++++++++++++++----
+ 2 files changed, 47 insertions(+), 4 deletions(-)
 
 diff --git a/test/test_optim.py b/test/test_optim.py
 index 1608478b..d3dd4567 100644
@@ -44,17 +44,17 @@ index 1608478b..d3dd4567 100644
  class SWATestDNN(torch.nn.Module):
      def __init__(self, input_features):
 diff --git a/torch/optim/swa_utils.py b/torch/optim/swa_utils.py
-index dda4b8ad..d18084e2 100644
+index dda4b8ad..abd8128f 100644
 --- a/torch/optim/swa_utils.py
 +++ b/torch/optim/swa_utils.py
-@@ -2,6 +2,7 @@ import itertools
- import math
- from copy import deepcopy
- import warnings
-+from typing_extensions import override
- 
+@@ -6,6 +6,7 @@ import warnings
  import torch
  from torch.nn import Module
+ from torch.optim.lr_scheduler import LRScheduler
++from typing import Any, Literal
+ 
+ __all__ = ['AveragedModel', 'update_bn', 'SWALR']
+ 
 @@ -247,10 +248,7 @@ class SWALR(LRScheduler):
          if anneal_strategy not in ['cos', 'linear']:
              raise ValueError("anneal_strategy must by one of 'cos' or 'linear', "
@@ -67,7 +67,7 @@ index dda4b8ad..d18084e2 100644
          if not isinstance(anneal_epochs, int) or anneal_epochs < 0:
              raise ValueError(f"anneal_epochs must be equal or greater than 0, got {anneal_epochs}")
          self.anneal_epochs = anneal_epochs
-@@ -296,3 +294,34 @@ class SWALR(LRScheduler):
+@@ -296,3 +294,32 @@ class SWALR(LRScheduler):
          alpha = self.anneal_func(t)
          return [group['swa_lr'] * alpha + lr * (1 - alpha)
                  for group, lr in zip(self.optimizer.param_groups, prev_lrs)]
@@ -79,7 +79,6 @@ index dda4b8ad..d18084e2 100644
 +        else:
 +            self.anneal_func = self._linear_anneal
 +
-+    @override
 +    def state_dict(self) -> dict[str, Any]:
 +        """Return the state of the scheduler as a :class:`dict`.
 +
@@ -92,7 +91,6 @@ index dda4b8ad..d18084e2 100644
 +            if key not in ("optimizer", "anneal_func")
 +        }
 +
-+    @override
 +    def load_state_dict(self, state_dict: dict[str, Any]) -> None:
 +        """Load the scheduler's state.
 +
@@ -102,6 +100,7 @@ index dda4b8ad..d18084e2 100644
 +        """
 +        self.__dict__.update(state_dict)
 +        self._set_anneal_func(self._anneal_strategy)
+\ No newline at end of file
 -- 
 2.45.4
 

SPECS/pytorch/pytorch.spec

@@ -2,7 +2,7 @@
 Summary:        Tensors and Dynamic neural networks in Python with strong GPU acceleration.
 Name:           pytorch
 Version:        2.0.0
-Release:        14%{?dist}
+Release:        15%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -97,6 +97,10 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
 %{_docdir}/*
 
 %changelog
+* Thu Mar 05 2026 Kanishk Bansal <kanbansal@microsoft.com> - 2.0.0-15
+- Remove typing_extensions.override usage from CVE-2026-24747 patch to fix
+  ImportError with typing_extensions 4.2.0 (override requires >= 4.4.0)
+
 * Fri Feb 13 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.0.0-14
 - Patch for CVE-2026-0994