Skip to content

Commit 0544132

Browse files
CBL-Mariner-BotKanishk-BansalKanishk Bansaljslobodzian
authored
Merge PR "[AUTO-CHERRYPICK] Bug 61292688 : Fix patch for CVE-2026-24747 - branch main" #16153
Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com> Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com> Co-authored-by: jslobodzian <joslobo@microsoft.com>
1 parent 9b3e20f commit 0544132

2 files changed

Lines changed: 17 additions & 14 deletions

File tree

SPECS/pytorch/CVE-2026-24747.patch

Lines changed: 12 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -5,16 +5,16 @@ Subject: [PATCH] override SWALR.state_dict and load_state_dict (#163122)
55

66
Fixes #163105
77

8-
- Add typing_extensions.override
98
- Use _set_anneal_func to set anneal function
109
- Implement state_dict and load_state_dict for SWALR excluding optimizer and anneal_func
1110

1211
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
1312
Upstream-reference: AI Backport of https://github.com/pytorch/pytorch/commit/167ad09be5af5c52666759412a3804068c6955d1.patch
13+
1414
---
1515
test/test_optim.py | 16 ++++++++++++++++
16-
torch/optim/swa_utils.py | 37 +++++++++++++++++++++++++++++++++----
17-
2 files changed, 49 insertions(+), 4 deletions(-)
16+
torch/optim/swa_utils.py | 35 +++++++++++++++++++++++++++++++----
17+
2 files changed, 47 insertions(+), 4 deletions(-)
1818

1919
diff --git a/test/test_optim.py b/test/test_optim.py
2020
index 1608478b..d3dd4567 100644
@@ -44,17 +44,17 @@ index 1608478b..d3dd4567 100644
4444
class SWATestDNN(torch.nn.Module):
4545
def __init__(self, input_features):
4646
diff --git a/torch/optim/swa_utils.py b/torch/optim/swa_utils.py
47-
index dda4b8ad..d18084e2 100644
47+
index dda4b8ad..abd8128f 100644
4848
--- a/torch/optim/swa_utils.py
4949
+++ b/torch/optim/swa_utils.py
50-
@@ -2,6 +2,7 @@ import itertools
51-
import math
52-
from copy import deepcopy
53-
import warnings
54-
+from typing_extensions import override
55-
50+
@@ -6,6 +6,7 @@ import warnings
5651
import torch
5752
from torch.nn import Module
53+
from torch.optim.lr_scheduler import LRScheduler
54+
+from typing import Any, Literal
55+
56+
__all__ = ['AveragedModel', 'update_bn', 'SWALR']
57+
5858
@@ -247,10 +248,7 @@ class SWALR(LRScheduler):
5959
if anneal_strategy not in ['cos', 'linear']:
6060
raise ValueError("anneal_strategy must by one of 'cos' or 'linear', "
@@ -67,7 +67,7 @@ index dda4b8ad..d18084e2 100644
6767
if not isinstance(anneal_epochs, int) or anneal_epochs < 0:
6868
raise ValueError(f"anneal_epochs must be equal or greater than 0, got {anneal_epochs}")
6969
self.anneal_epochs = anneal_epochs
70-
@@ -296,3 +294,34 @@ class SWALR(LRScheduler):
70+
@@ -296,3 +294,32 @@ class SWALR(LRScheduler):
7171
alpha = self.anneal_func(t)
7272
return [group['swa_lr'] * alpha + lr * (1 - alpha)
7373
for group, lr in zip(self.optimizer.param_groups, prev_lrs)]
@@ -79,7 +79,6 @@ index dda4b8ad..d18084e2 100644
7979
+ else:
8080
+ self.anneal_func = self._linear_anneal
8181
+
82-
+ @override
8382
+ def state_dict(self) -> dict[str, Any]:
8483
+ """Return the state of the scheduler as a :class:`dict`.
8584
+
@@ -92,7 +91,6 @@ index dda4b8ad..d18084e2 100644
9291
+ if key not in ("optimizer", "anneal_func")
9392
+ }
9493
+
95-
+ @override
9694
+ def load_state_dict(self, state_dict: dict[str, Any]) -> None:
9795
+ """Load the scheduler's state.
9896
+
@@ -102,6 +100,7 @@ index dda4b8ad..d18084e2 100644
102100
+ """
103101
+ self.__dict__.update(state_dict)
104102
+ self._set_anneal_func(self._anneal_strategy)
103+
\ No newline at end of file
105104
--
106105
2.45.4
107106

SPECS/pytorch/pytorch.spec

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration.
33
Name: pytorch
44
Version: 2.0.0
5-
Release: 14%{?dist}
5+
Release: 15%{?dist}
66
License: BSD-3-Clause
77
Vendor: Microsoft Corporation
88
Distribution: Mariner
@@ -97,6 +97,10 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
9797
%{_docdir}/*
9898

9999
%changelog
100+
* Thu Mar 05 2026 Kanishk Bansal <kanbansal@microsoft.com> - 2.0.0-15
101+
- Remove typing_extensions.override usage from CVE-2026-24747 patch to fix
102+
ImportError with typing_extensions 4.2.0 (override requires >= 4.4.0)
103+
100104
* Fri Feb 13 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.0.0-14
101105
- Patch for CVE-2026-0994
102106

0 commit comments

Comments
 (0)