[AutoPR- Security] Patch keras for CVE-2026-12480 [MEDIUM]#17925
[AutoPR- Security] Patch keras for CVE-2026-12480 [MEDIUM]#17925azurelinux-security wants to merge 2 commits into
Conversation
|
@Ratiranjan5's analysis seems correct. Below is my brief analysis of
|
There was a problem hiding this comment.
LGTM ✅ — AI backport of the upstream keras H5-validation fix is faithful and complete on the supported arch; the only CI red is an unrelated aarch64 install-test infra flake for an ExclusiveArch: x86_64 package.
Patch fidelity — CVE-2026-12480.patch
AI Backport of upstream keras-team/keras@d5a88bd ("Refactor and share H5 validation code between legacy and new format", #22801). Verified hunk-by-hunk against the upstream .patch:
| Area | Status |
|---|---|
safe_get_h5_group / safe_get_h5_dataset (the actual fix) |
✅ byte-for-byte identical to upstream — reject ExternalLink/SoftLink, and external/virtual datasets (the H5 link-traversal / arbitrary-read vector) |
| Guarded call sites | ✅ every raw read (f["model_weights"], f["top_level_model_weights"], hdf5_group["optimizer_weights"], self.h5_file["vars"], self.group[name], …) converted to safe_get_* |
Old weak helpers _verify_group / _verify_dataset |
✅ definitions and all call sites removed — no orphaned references left behind |
New imports in legacy_h5_format.py |
✅ safe_get_h5_group / safe_get_h5_dataset imported from saving_lib |
| Base-version adaptation | ✅ load_weights_from_hdf5_group(group, model) keeps the 3.3.3 base signature (no skip_mismatch); no caller passes it |
Accounted-for deltas (all expected):
- 17 guard call-sites vs upstream's 20 — the 3-call difference is entirely in
H5Entry, whose extra code paths exist only on upstream HEAD, not in the 3.3.3 base. Every H5 access present in the base is guarded. - Line offsets / blob hashes differ (different base version) — expected.
Spec hygiene — keras.spec
- ✅
Release: 7 → 8, matches the%changelogtop entry (3.3.3-8, Mon Jul 06 2026, Security Servicing Account,CVE-2026-12480). - ✅
Patch7: CVE-2026-12480.patchdeclared sequentially (afterPatch6) and applied via%autosetup -p1. - ✅ No source tarball change → no
*.signatures.jsonupdate needed (Source Signature Check green). - ✅ No
BuildRequireschange needed (pure-Python patch, no parser/codegen).
Build / CI — buddy build 1154433
All 17 GitHub checks green. Timeline tally: 165 succeeded · 14 skipped · 4 failed. Note keras is ExclusiveArch: x86_64, so it only builds/matters on AMD64.
| Stage | AMD64 (x86_64) | ARM64 (aarch64) |
|---|---|---|
| Build | ✅ Built: keras-3.3.3-8.azl3.src.rpm → python3-keras-3.3.3-8.azl3.x86_64.rpm |
⏭️ skipped — ExclusiveArch: x86_64 (srpmpacker: cannot be built on current architecture) |
| Install-test | ✅ test_install_amd64 passed |
❌ test_install_arm64 — infra, not keras (see below) |
%check |
N/A — spec has no %check section |
N/A |
| Sodiff | N/A — pure-Python, no .so ABI surface |
N/A |
| Postbuild (License/Guardian) | ✅ | ✅ |
The 4 failures are all the single test_built_packages_arm64 stage. Log shows container/harness errors — Unable to find image 'mcr.microsoft.com/azurelinux/base/core:3.0', touch: cannot touch '/var/lib/rpm-state/systemd-resolved.initial-installation', Cannot kill container … is not running, Bash exited with code '1'. The harness's rpms_to_install also lists a python3-keras-…aarch64.rpm that never exists (x86_64-only package). No keras build/test breakage — the equivalent AMD64 install-test passed. Recommend re-triggering the flaky arm64 stage; not a blocker.
Signed-Off By: @mfrw
Auto Patch keras for CVE-2026-12480.
Autosec pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1154419&view=results
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json,.github/workflows/cgmanifest.json)./LICENSES-AND-NOTICES/SPECS/data/licenses.json,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassSummary
What does the PR accomplish, why was it needed?
Change Log
Does this affect the toolchain?
YES/NO
Associated issues
Links to CVEs
Test Methodology