A keras implementation of ENet (abandoned for the foreseeable future)

Last update: Nov 23, 2021

Related tags

Overview

ENet-keras

This is an implementation of ENet: A Deep Neural Network Architecture for Real-Time Semantic Segmentation, ported from ENet-training (lua-torch) to keras.

Installation

Get code

git clone https://github.com/PavlosMelissinos/enet-keras.git
cd enet-keras

Setup environment

Dependencies

On poetry: poetry install

On Anaconda/miniconda: conda env create -f environment.yml

On pip: pip install -r requirements.txt

Set up data/model

make setup

The setup script only sets up some directories and converts the model to an appropriate format.

Usage

Train on MS-COCO

make train

Remaining tasks

Comments

Where to download the pretrained/torch_enet.pkl file?

 ./train.sh 
Using TensorFlow backend.
solver json: /home/rvl/code/enet-keras/config/solver.json
Preparing to train on mscoco data...
ENet has found no compatible pretrained weights! Skipping weight transfer...
Traceback (most recent call last):
  File "src/train.py", line 141, in <module>
    train(solver=solver)
  File "src/train.py", line 82, in train
    autoencoder = model.transfer_weights(autoencoder)
  File "/home/rvl/code/enet-keras/src/models/enet_unpooling/model.py", line 47, in transfer_weights
    with open(weights, 'rb') as fin:
IOError: [Errno 2] No such file or directory: '/home/rvl/code/enet-keras/src/models/enet_unpooling/../../../models/pretrained/torch_enet.pkl'

opened by HTLife 11

Output shows no segmentation on a test image

I have the following function get_model() which returns the enet model with weights loaded from torch_enet.pkl. The functions build() and transfer_weights() are from src/test.py.

def get_model(num_class):
    nc = num_class    # number of classes
    dw = 256
    dh = 256

    autoencoder, model_name = build(nc=nc, w=dw, h=dh)

    weights_fname = "trained_segmenter_weights.hdf5"

    if os.path.exists(weights_fname):
        autoencoder.load_weights(weights_fname)
    else:
        autoencoder = transfer_weights(model=autoencoder)
        autoencoder.save_weights(weights_fname)

    return autoencoder

I created a model with 11 classes by calling get_model(11). I fed the image 2015-11-08T13.52.54.655-0000011482.jpg from SUNRGBD dataset. The model gave a prediction tensor which I reshaped to (256, 256, 11). To visualize the predictions, I used the following function to save that tensor as an image:

def save_output(pred):
    h, w , nc = pred.shape
    print(h, w, nc)  # Prints: 256 256 11

    colors = [(random.randint(0, 255), random.randint(0, 255), random.randint(0, 255))
              for i in range(nc)
             ]
    output = np.zeros((h, w, 3))

    for i in range(h):
        for j in range(w):
            vals = pred[i, j, :].ravel().tolist()
            pos = vals.index(max(vals))
            output[i, j] = colors[pos]

    out_f = "pred_output.jpg"
    ret = cv2.imwrite(out_f, output)

The output shows almost random assignment of colors and there's no visible segmentation at all.

The input and the corresponding segmented output can be found below: 2015-11-08t13 52 54 655-0000011482 out_2015-11-08t13 52 54 655-0000011482

opened by bparaj 5

OpenCV dependency removal

I'm interested in throwing away every import cv2 line because OpenCV has mostly been a pain for no reason. The attempt can be seen in the no_opencv branch

The strongest contenders are pillow and scikit-image.

I will be documenting my experiences here mostly as notes to myself and possibly to fuel a discussion.

| Library | Wraps NumPy | channel order | dimension order | |-----------|----------------|---------------|------------------| | OpenCV | yes | bgr | (width, height) | | Pillow | no | rgb | (width, height) | | skimage | yes | rgb | (height, width) |

Any suggestions are welcome!

opened by PavlosMelissinos 5
usage
It seems the coco script requires files that don't exist in the repository and for which there are no generators?

in load_data():

img_txt = os.path.join(data_dir, data_type, 'images.txt') lbl_txt = os.path.join(data_dir, data_type, 'labels.txt')

Also, note that if the class values are serialized into a single image then data will be lost, categorical classes are most appropriate since a single image can be multiple classes.
opened by ahundt 5
Fix dependencies

Pip throws and error on the line containing: gsutil=4.46 which seems to be a typo in requirements.txt . The same issue appears in environment.yml when using conda to install the dependencies. Other than that, many of these dependencies seem to be on out-dated versions. Is there any other recommended way to get the installation to work with more recent packages?

opened by subhacom 3
pretrained file and enet_unpooling_best.h5 missing?

Hi, when I run the predict.py and train.sh, it said that can't find "enet_unpooling_best.h5 " and "pretrained/torch_enet.pkl". And I can't find the two files in the folder either. So what's wrong with it? Thanks!

opened by declanzane 3
Speed up inference

I'm back again. I have some pretty decent results on the Camvid dataset now thanks to your help. I have a question for you, that you might be able to anwer. I'm not able to reproduce the fast inference time. In the article they state that:

"For inference we merge batch normalization and dropout layers into the convolutional filters, to speed up all networks."

Do you know where I can find any related litterature on how to do so or perhabs you know how they do it?

opened by copaah 3
How to save checkpoint during training?

Thanks for sharing code!

When I run train.py, I found it took a lot of time. I interrupted it during training and found there was not a checkpoint has been saved. I noticed that there is a callbacks() function in the train.py. I guess this is used for saving checkpoint. But I didn't see it was called during training. So how could I save the checkpoint during training periodically? For example, I want to save the checkpoint after trained every 1000 images.

Looking forward to your response. Thank you so much. @PavlosMelissinos
question

opened by tongzhoumu 3
End-to-end training

I see you are training the model end-to-end style, while, in the original paper, they train the encoder first in order to categorize downsampled regions and then they append the decoder afterwards. What are you thoughts on this? Do you have any intuition why it might be better to train it encoder-decoder style rather than end-to-end?
enhancement

opened by copaah 3
about the label format

I have my own dataset There are 34774 png input images and 34774 png labels images input images are in shape (576, 576, 3) label images are in shape(576, 576) Every pixel in label image has a class number and there are 6 classes I don't quite understand how you deal with the MSCOCO annotations and what you do in "flow()" function in datasets.py, So what should I do on the"flow()"function , thanks!

opened by ShowTsai 2
Bump html5lib from 0.9999999 to 0.99999999
Bumps html5lib from 0.9999999 to 0.99999999.

Changelog

Sourced from html5lib's changelog.

Commits

ebf6225 0.99999999 release! Let's party!

a8ba43e Merge pull request #270 from gsnedders/rename_stuff

8cb144b Update the docs after all the renaming and add CHANGES

00977d6 Rename a bunch of serializer module variables to be underscore prefixed

18a7102 Have only one set of allowed elements/attributes for the sanitizer

c4dd677 Move a whole bunch of private modules to be underscore prefixed

8db5828 Rename treewalkers.lxmletree to .etree_lxml for consistency

1a61c44 Rename treewalkers.genshistream to .genshi for consistency

6c30d0b Move serializer.htmlserializer to serializer

7bbde54 Rename filters._base to .base to reflect public status

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump certifi from 2016.2.28 to 2022.12.7
Bumps certifi from 2016.2.28 to 2022.12.7.

Commits

9e9e840 2022.12.07

b81bdb2 2022.09.24

939a28f 2022.09.14

aca828a 2022.06.15.2

de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...

b8eb5e9 2022.06.15.1

47fb7ab Fix deprecation warning on Python 3.11 (#199)

b0b48e0 fixes #198 -- update link in license

9d514b4 2022.06.15

4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump py from 1.8.1 to 1.10.0
Bumps py from 1.8.1 to 1.10.0.

Changelog

Sourced from py's changelog.

1.10.0 (2020-12-12)

Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651)

Update vendored apipkg: 1.4 => 1.5

Update vendored iniconfig: 1.0.0 => 1.1.1

1.9.0 (2020-06-24)

Add type annotation stubs for the following modules:

py.error

py.iniconfig

py.path (not including SVN paths)

py.io

py.xml

There are no plans to type other modules at this time.

The type annotations are provided in external .pyi files, not inline in the code, and may therefore contain small errors or omissions. If you use py in conjunction with a type checker, and encounter any type errors you believe should be accepted, please report it in an issue.

1.8.2 (2020-06-15)

On Windows, py.path.locals which differ only in case now have the same Python hash value. Previously, such paths were considered equal but had different hashes, which is not allowed and breaks the assumptions made by dicts, sets and other users of hashes.

Commits

e5ff378 Update CHANGELOG for 1.10.0

94cf44f Update vendored libs

5e8ded5 testing: comment out an assert which fails on Python 3.9 for now

afdffcc Rename HOWTORELEASE.rst to RELEASING.rst

2de53a6 Merge pull request #266 from nicoddemus/gh-actions

fa1b32e Merge pull request #264 from hugovk/patch-2

887d6b8 Skip test_samefile_symlink on pypy3 on Windows

e94e670 Fix test_comments() in test_source

fef9a32 Adapt test

4a694b0 Add GitHub Actions badge to README

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump protobuf from 3.4.0 to 3.18.3
Bumps protobuf from 3.4.0 to 3.18.3.

Release notes

Sourced from protobuf's releases.

Protocol Buffers v3.18.3

C++

Reduce memory consumption of MessageSet parsing

This release addresses a Security Advisory for C++ and Python users

Protocol Buffers v3.16.1

Java

Improve performance characteristics of UnknownFieldSet parsing (#9371)

Protocol Buffers v3.18.2

Java

Improve performance characteristics of UnknownFieldSet parsing (#9371)

Protocol Buffers v3.18.1

Python

Update setup.py to reflect that we now require at least Python 3.5 (#8989)

Performance fix for DynamicMessage: force GetRaw() to be inlined (#9023)

Ruby

Update ruby_generator.cc to allow proto2 imports in proto3 (#9003)

Protocol Buffers v3.18.0

C++

Fix warnings raised by clang 11 (#8664)

Make StringPiece constructible from std::string_view (#8707)

Add missing capability attributes for LLVM 12 (#8714)

Stop using std::iterator (deprecated in C++17). (#8741)

Move field_access_listener from libprotobuf-lite to libprotobuf (#8775)

Fix #7047 Safely handle setlocale (#8735)

Remove deprecated version of SetTotalBytesLimit() (#8794)

Support arena allocation of google::protobuf::AnyMetadata (#8758)

Fix undefined symbol error around SharedCtor() (#8827)

Fix default value of enum(int) in json_util with proto2 (#8835)

Better Smaller ByteSizeLong

Introduce event filters for inject_field_listener_events

Reduce memory usage of DescriptorPool

For lazy fields copy serialized form when allowed.

Re-introduce the InlinedStringField class

v2 access listener

Reduce padding in the proto's ExtensionRegistry map.

GetExtension performance optimizations

Make tracker a static variable rather than call static functions

Support extensions in field access listener

Annotate MergeFrom for field access listener

Fix incomplete types for field access listener

Add map_entry/new_map_entry to SpecificField in MessageDifferencer. They record the map items which are different in MessageDifferencer's reporter.

Reduce binary size due to fieldless proto messages

TextFormat: ParseInfoTree supports getting field end location in addition to start.

... (truncated)

Commits

a902b39 No-op whitespace change

ae62acd Updating version.json and repo version numbers to: 18.3

f43ac49 Merge pull request #10542 from deannagarcia/3.18.x

9efdf55 Add missing includes

d1635e1 Apply patch

5b37c91 Update version.json with "lts": true (#10534)

c39d622 Merge pull request #10529 from protocolbuffers/deannagarcia-patch-5

f77d3b6 Update version.json

8178b06 Merge pull request #10503 from deannagarcia/3.18.x

24ca839 Add version file

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump html5lib from 0.9999999 to 0.999999999
Bumps html5lib from 0.9999999 to 0.999999999.

Changelog

Sourced from html5lib's changelog.

Commits

6a73efa Yes, another release, already. :(

e0dc25f Fix attribute order to the treebuilder to be document order

a3b8252 Back to -dev

ebf6225 0.99999999 release! Let's party!

a8ba43e Merge pull request #270 from gsnedders/rename_stuff

8cb144b Update the docs after all the renaming and add CHANGES

00977d6 Rename a bunch of serializer module variables to be underscore prefixed

18a7102 Have only one set of allowed elements/attributes for the sanitizer

c4dd677 Move a whole bunch of private modules to be underscore prefixed

8db5828 Rename treewalkers.lxmletree to .etree_lxml for consistency

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump tensorflow-gpu from 1.3.0 to 2.7.2
Bumps tensorflow-gpu from 1.3.0 to 2.7.2.

Release notes

Sourced from tensorflow-gpu's releases.

TensorFlow 2.7.2

Release 2.7.2

This releases introduces several vulnerability fixes:

Fixes a code injection in saved_model_cli (CVE-2022-29216)

Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)

Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)

Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)

Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)

Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)

Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)

Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)

Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)

Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)

Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)

Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)

Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)

Fixes a segfault due to missing support for quantized types (CVE-2022-29205)

Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)

Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)

Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)

Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)

Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)

Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)

Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)

Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)

Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)

Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)

Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115

Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

TensorFlow 2.7.1

Release 2.7.1

This releases introduces several vulnerability fixes:

Fixes a floating point division by 0 when executing convolution operators (CVE-2022-21725)

Fixes a heap OOB read in shape inference for ReverseSequence (CVE-2022-21728)

Fixes a heap OOB access in Dequantize (CVE-2022-21726)

Fixes an integer overflow in shape inference for Dequantize (CVE-2022-21727)

Fixes a heap OOB access in FractionalAvgPoolGrad (CVE-2022-21730)

Fixes an overflow and divide by zero in UnravelIndex (CVE-2022-21729)

Fixes a type confusion in shape inference for ConcatV2 (CVE-2022-21731)

Fixes an OOM in ThreadPoolHandle (CVE-2022-21732)

Fixes an OOM due to integer overflow in StringNGrams (CVE-2022-21733)

Fixes more issues caused by incomplete validation in boosted trees code (CVE-2021-41208)

Fixes an integer overflows in most sparse component-wise ops (CVE-2022-23567)

Fixes an integer overflows in AddManySparseToTensorsMap (CVE-2022-23568)

... (truncated)

Changelog

Sourced from tensorflow-gpu's changelog.

Release 2.7.2

This releases introduces several vulnerability fixes:

Fixes a code injection in saved_model_cli (CVE-2022-29216)

Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)

Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)

Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)

Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)

Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)

Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)

Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)

Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)

Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)

Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)

Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)

Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)

Fixes a segfault due to missing support for quantized types (CVE-2022-29205)

Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)

Fixes a missing validation which results in undefined behavior in QuantizedConv2D (CVE-2022-29201)

Fixes an integer overflow in SpaceToBatchND (CVE-2022-29203)

Fixes a segfault and OOB write due to incomplete validation in EditDistance (CVE-2022-29208)

Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29204)

Fixes a denial of service in tf.ragged.constant due to lack of validation (CVE-2022-29202)

Fixes a segfault when tf.histogram_fixed_width is called with NaN values (CVE-2022-29211)

Fixes a core dump when loading TFLite models with quantization (CVE-2022-29212)

Fixes crashes stemming from incomplete validation in signal ops (CVE-2022-29213)

Fixes a type confusion leading to CHECK-failure based denial of service (CVE-2022-29209)

Updates curl to 7.83.1 to handle (CVE-2022-22576, (CVE-2022-27774, (CVE-2022-27775, (CVE-2022-27776, (CVE-2022-27778, (CVE-2022-27779, (CVE-2022-27780, (CVE-2022-27781, (CVE-2022-27782 and (CVE-2022-30115

Updates zlib to 1.2.12 after 1.2.11 was pulled due to security issue

Release 2.6.4

This releases introduces several vulnerability fixes:

Fixes a code injection in saved_model_cli (CVE-2022-29216)

Fixes a missing validation which causes TensorSummaryV2 to crash (CVE-2022-29193)

Fixes a missing validation which crashes QuantizeAndDequantizeV4Grad (CVE-2022-29192)

Fixes a missing validation which causes denial of service via DeleteSessionTensor (CVE-2022-29194)

Fixes a missing validation which causes denial of service via GetSessionTensor (CVE-2022-29191)

Fixes a missing validation which causes denial of service via StagePeek (CVE-2022-29195)

Fixes a missing validation which causes denial of service via UnsortedSegmentJoin (CVE-2022-29197)

Fixes a missing validation which causes denial of service via LoadAndRemapMatrix (CVE-2022-29199)

Fixes a missing validation which causes denial of service via SparseTensorToCSRSparseMatrix (CVE-2022-29198)

Fixes a missing validation which causes denial of service via LSTMBlockCell (CVE-2022-29200)

Fixes a missing validation which causes denial of service via Conv3DBackpropFilterV2 (CVE-2022-29196)

Fixes a CHECK failure in depthwise ops via overflows (CVE-2021-41197)

Fixes issues arising from undefined behavior stemming from users supplying invalid resource handles (CVE-2022-29207)

Fixes a segfault due to missing support for quantized types (CVE-2022-29205)

Fixes a missing validation which results in undefined behavior in SparseTensorDenseAdd (CVE-2022-29206)

... (truncated)

Commits

dd7b8a3 Merge pull request #56034 from tensorflow-jenkins/relnotes-2.7.2-15779

1e7d6ea Update RELEASE.md

5085135 Merge pull request #56069 from tensorflow/mm-cp-52488e5072f6fe44411d70c6af09e...

adafb45 Merge pull request #56060 from yongtang:curl-7.83.1

01cb1b8 Merge pull request #56038 from tensorflow-jenkins/version-numbers-2.7.2-4733

8c90c2f Update version numbers to 2.7.2

43f3cdc Update RELEASE.md

98b0a48 Insert release notes place-fill

dfa5cf3 Merge pull request #56028 from tensorflow/disable-tests-on-r2.7

501a65c Disable timing out tests

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump pillow from 6.2.0 to 8.3.2
Bumps pillow from 6.2.0 to 8.3.2.

Release notes

Sourced from pillow's releases.

8.3.2

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html

Security

CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

Fix 6-byte OOB read in FliDecode [wiredfool]

Python 3.10 wheels

Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

Fixed regressions

Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

Updates for ImagePalette channel order #5599 [radarhere]

Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

8.3.1

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html

Changes

Catch OSError when checking if fp is sys.stdout #5585 [@radarhere]

Handle removing orientation from alternate types of EXIF data #5584 [@radarhere]

Make Image.array take optional dtype argument #5572 [@t-vi]

8.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html

Changes

Use snprintf instead of sprintf #5567 [@radarhere]

Limit TIFF strip size when saving with LibTIFF #5514 [@kmilos]

Allow ICNS save on all operating systems #4526 [@newpanjing]

De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [@gofr]

Do not use background or transparency index for new color #5564 [@radarhere]

Simplified code #5315 [@radarhere]

Replaced xml.etree.ElementTree #5565 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

8.3.2 (2021-09-02)

CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

Fix 6-byte OOB read in FliDecode [wiredfool]

Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

Updates for ImagePalette channel order #5599 [radarhere]

Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

8.3.1 (2021-07-06)

Catch OSError when checking if fp is sys.stdout #5585 [radarhere]

Handle removing orientation from alternate types of EXIF data #5584 [radarhere]

Make Image.array take optional dtype argument #5572 [t-vi, radarhere]

8.3.0 (2021-07-01)

Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]

Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]

Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk]

De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere]

Replaced xml.etree.ElementTree #5565 [radarhere]

... (truncated)

Commits

8013f13 8.3.2 version bump

23c7ca8 Update CHANGES.rst

8450366 Update release notes

a0afe89 Update test case

9e08eb8 Raise ValueError if color specifier is too long

bd5cf7d FLI tests for Oss-fuzz crash.

94a0cf1 Fix 6-byte OOB read in FliDecode

cece64f Add 8.3.2 (2021-09-02) [CI skip]

e422386 Add release notes for Pillow 8.3.2

08dcbb8 Pillow 8.3.2 supports Python 3.10 [ci skip]

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0