Onboard PT2.6 Training to Autopatch (#4645)

* run efa

* add core packages

* build ec2 autopatch

* build

* build sm

* enable security tests

* add os allowlist

* inject libfreetype6 tp ecr vuls

* add two more os allowlist

* build ec2

* revert toml

---------

Co-authored-by: Yadan Wei <yadanwei@amazon.com>

Author: Yadan-Wei

pytorch/training/buildspec-2-5-ec2.yml

@@ -42,7 +42,7 @@ images:
     os_version: &OS_VERSION ubuntu22.04
     tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION, "-ec2" ]
     latest_release_tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *OS_VERSION, "-ec2" ]
-    # build_tag_override: "beta:2.5.0-cpu-py311-ubuntu22.04-ec2"
+    # build_tag_override: "beta:2.5.1-cpu-py311-ubuntu22.04-ec2"
     docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /Dockerfile., *DEVICE_TYPE ]
     target: ec2
     context:
@@ -58,7 +58,7 @@ images:
     os_version: &OS_VERSION ubuntu22.04
     tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *CUDA_VERSION, "-", *OS_VERSION, "-ec2" ]
     latest_release_tag: !join [ *VERSION, "-", *DEVICE_TYPE, "-", *TAG_PYTHON_VERSION, "-", *CUDA_VERSION, "-", *OS_VERSION, "-ec2" ]
-    # build_tag_override: "beta:2.5.0-gpu-py311-cu121-ubuntu22.04-ec2"
+    # build_tag_override: "beta:2.5.1-gpu-py311-cu121-ubuntu22.04-ec2"
     docker_file: !join [ docker/, *SHORT_VERSION, /, *DOCKER_PYTHON_VERSION, /, *CUDA_VERSION, /Dockerfile.,
                          *DEVICE_TYPE ]
     target: ec2

pytorch/training/buildspec-2-6-ec2.yml

@@ -5,7 +5,7 @@ framework: &FRAMEWORK pytorch
 version: &VERSION 2.6.0
 short_version: &SHORT_VERSION "2.6"
 arch_type: x86
-# autopatch_build: "True"
+autopatch_build: "True"
 
 repository_info:
   training_repository: &TRAINING_REPOSITORY

pytorch/training/buildspec-2-6-sm.yml

@@ -5,7 +5,7 @@ framework: &FRAMEWORK pytorch
 version: &VERSION 2.6.0
 short_version: &SHORT_VERSION "2.6"
 arch_type: x86
-# autopatch_build: "True"
+autopatch_build: "True"
 
 repository_info:
   training_repository: &TRAINING_REPOSITORY

pytorch/training/docker/2.6/py3/Dockerfile.ec2.cpu.core_packages.json

@@ -0,0 +1,48 @@
+{
+  "accelerate": {
+    "version_specifier": "==1.4.0",
+    "skip": "True"
+  },
+  "s3torchconnector": {
+    "version_specifier": "==1.3.2",
+    "skip": "True"
+  },
+  "torchaudio": {
+    "version_specifier": "==2.6.0+cpu",
+    "skip": "True"
+  },
+  "torchtext": {
+    "version_specifier": "==0.18.0+cpu",
+    "skip": "True"
+  },
+  "torchdata": {
+    "version_specifier": "==0.10.1+cpu",
+    "skip": "True"
+  },
+  "torchtnt": {
+    "version_specifier": "==0.2.4",
+    "skip": "True"
+  },
+  "torchvision": {
+    "version_specifier": "==0.21.0+cpu",
+    "skip": "True"
+  },
+  "idna": {
+    "version_specifier": ">=3.7"
+  },
+  "tqdm": {
+    "version_specifier": ">=4.66.3"
+  },
+  "requests": {
+    "version_specifier": ">=2.32.0"
+  },
+  "setuptools": {
+    "version_specifier": ">=70.0.0"
+  },
+  "urllib3": {
+    "version_specifier": "<2"
+  },
+  "awscli": {
+    "version_specifier": "<2"
+  }
+}

pytorch/training/docker/2.6/py3/Dockerfile.ec2.cpu.os_scan_allowlist.json

@@ -0,0 +1,29 @@
+{
+  "libfreetype6": [
+    {
+      "description": "An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.",
+      "vulnerability_id": "CVE-2025-27363",
+      "name": "CVE-2025-27363",
+      "package_name": "libfreetype6",
+      "package_details": {
+        "file_path": null,
+        "name": "libfreetype6",
+        "package_manager": "OS",
+        "version": "2.11.1+dfsg",
+        "release": "1ubuntu0.2"
+      },
+      "remediation": { "recommendation": { "text": "None Provided" } },
+      "cvss_v3_score": 8.1,
+      "cvss_v30_score": 0.0,
+      "cvss_v31_score": 8.1,
+      "cvss_v2_score": 0.0,
+      "cvss_v3_severity": "HIGH",
+      "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-27363.html",
+      "source": "UBUNTU_CVE",
+      "severity": "HIGH",
+      "status": "ACTIVE",
+      "title": "CVE-2025-27363 - libfreetype6",
+      "reason_to_ignore": "N/A"
+    }
+  ]
+}

pytorch/training/docker/2.6/py3/Dockerfile.sagemaker.cpu.core_packages.json

@@ -0,0 +1,57 @@
+{
+  "accelerate": {
+    "version_specifier": "==1.4.0",
+    "skip": "True"
+  },
+  "s3torchconnector": {
+    "version_specifier": "==1.3.2",
+    "skip": "True"
+  },
+  "torchaudio": {
+    "version_specifier": "==2.6.0+cpu",
+    "skip": "True"
+  },
+  "torchtext": {
+    "version_specifier": "==0.18.0+cpu",
+    "skip": "True"
+  },
+  "torchdata": {
+    "version_specifier": "==0.10.1+cpu",
+    "skip": "True"
+  },
+  "torchtnt": {
+    "version_specifier": "==0.2.4",
+    "skip": "True"
+  },
+  "torchvision": {
+    "version_specifier": "==0.21.0+cpu",
+    "skip": "True"
+  },
+  "idna": {
+    "version_specifier": ">=3.7"
+  },
+  "tqdm": {
+    "version_specifier": ">=4.66.3"
+  },
+  "requests": {
+    "version_specifier": ">=2.32.0"
+  },
+  "setuptools": {
+    "version_specifier": ">=70.0.0"
+  },
+  "urllib3": {
+    "version_specifier": "<2"
+  },
+  "awscli": {
+    "version_specifier": "<2"
+  },
+  "sagemaker": {
+    "version_specifier": ">=2,<3"
+  },
+  "sagemaker-experiments": {
+    "version_specifier": "<1"
+  },
+  "cloudpickle": {
+    "version_specifier": ">=2.2.1"
+  }
+}

pytorch/training/docker/2.6/py3/Dockerfile.sagemaker.cpu.os_scan_allowlist.json

@@ -0,0 +1,29 @@
+{
+  "libfreetype6": [
+    {
+      "description": "An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.",
+      "vulnerability_id": "CVE-2025-27363",
+      "name": "CVE-2025-27363",
+      "package_name": "libfreetype6",
+      "package_details": {
+        "file_path": null,
+        "name": "libfreetype6",
+        "package_manager": "OS",
+        "version": "2.11.1+dfsg",
+        "release": "1ubuntu0.2"
+      },
+      "remediation": { "recommendation": { "text": "None Provided" } },
+      "cvss_v3_score": 8.1,
+      "cvss_v30_score": 0.0,
+      "cvss_v31_score": 8.1,
+      "cvss_v2_score": 0.0,
+      "cvss_v3_severity": "HIGH",
+      "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-27363.html",
+      "source": "UBUNTU_CVE",
+      "severity": "HIGH",
+      "status": "ACTIVE",
+      "title": "CVE-2025-27363 - libfreetype6",
+      "reason_to_ignore": "N/A"
+    }
+  ]
+}

pytorch/training/docker/2.6/py3/cu126/Dockerfile.ec2.gpu.core_packages.json

@@ -0,0 +1,52 @@
+{
+  "accelerate": {
+    "version_specifier": "==1.4.0",
+    "skip": "True"
+  },
+  "flash-attn": {
+    "version_specifier": "==2.7.3",
+    "skip": "True"
+  },
+  "transformer-engine": {
+    "version_specifier": "==2.0.0+e5cc6c2",
+    "skip": "True"
+  },
+  "s3torchconnector": {
+    "version_specifier": "==1.3.2",
+    "skip": "True"
+  },
+  "torchaudio": {
+    "version_specifier": "==2.6.0+cu126",
+    "skip": "True"
+  },
+  "torchtext": {
+    "version_specifier": "==0.18.0+cu126",
+    "skip": "True"
+  },
+  "torchtnt": {
+    "version_specifier": "==0.2.4",
+    "skip": "True"
+  },
+  "torchvision": {
+    "version_specifier": "==0.21.0+cu126",
+    "skip": "True"
+  },
+  "idna": {
+    "version_specifier": ">=3.7"
+  },
+  "tqdm": {
+    "version_specifier": ">=4.66.3"
+  },
+  "requests": {
+    "version_specifier": ">=2.32.0"
+  },
+  "setuptools": {
+    "version_specifier": ">=70.0.0"
+  },
+  "urllib3": {
+    "version_specifier": "<2"
+  },
+  "awscli": {
+    "version_specifier": "<2"
+  }
+}

pytorch/training/docker/2.6/py3/cu126/Dockerfile.ec2.gpu.os_scan_allowlist.json

@@ -1,4 +1,58 @@
 {
+  "go/stdlib": [
+    {
+      "description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.",
+      "vulnerability_id": "CVE-2024-24790",
+      "name": "CVE-2024-24790",
+      "package_name": "go/stdlib",
+      "package_details": {
+        "file_path": "/opt/nvidia/nsight-systems/2024.5.1/target-linux-x64/plugins/efa_metrics/nic_sampler",
+        "name": "go/stdlib",
+        "package_manager": "GENERIC",
+        "version": "1.22.3",
+        "release": null
+      },
+      "remediation": { "recommendation": { "text": "None Provided" } },
+      "cvss_v3_score": 9.8,
+      "cvss_v30_score": 0.0,
+      "cvss_v31_score": 9.8,
+      "cvss_v2_score": 0.0,
+      "cvss_v3_severity": "CRITICAL",
+      "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
+      "source": "NVD",
+      "severity": "CRITICAL",
+      "status": "ACTIVE",
+      "title": "CVE-2024-24790 - go/stdlib",
+      "reason_to_ignore": "N/A"
+    }
+  ],
+  "libfreetype6": [
+    {
+      "description": "An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.",
+      "vulnerability_id": "CVE-2025-27363",
+      "name": "CVE-2025-27363",
+      "package_name": "libfreetype6",
+      "package_details": {
+        "file_path": null,
+        "name": "libfreetype6",
+        "package_manager": "OS",
+        "version": "2.11.1+dfsg",
+        "release": "1ubuntu0.2"
+      },
+      "remediation": { "recommendation": { "text": "None Provided" } },
+      "cvss_v3_score": 8.1,
+      "cvss_v30_score": 0.0,
+      "cvss_v31_score": 8.1,
+      "cvss_v2_score": 0.0,
+      "cvss_v3_severity": "HIGH",
+      "source_url": "https://people.canonical.com/~ubuntu-security/cve/2025/CVE-2025-27363.html",
+      "source": "UBUNTU_CVE",
+      "severity": "HIGH",
+      "status": "ACTIVE",
+      "title": "CVE-2025-27363 - libfreetype6",
+      "reason_to_ignore": "N/A"
+    }
+  ],
   "org.apache.ant:ant": [
     {
       "description": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.",

pytorch/training/docker/2.6/py3/cu126/Dockerfile.sagemaker.gpu.core_packages.json

@@ -0,0 +1,61 @@
+{
+  "accelerate": {
+    "version_specifier": "==1.4.0",
+    "skip": "True"
+  },
+  "flash-attn": {
+    "version_specifier": "==2.7.3",
+    "skip": "True"
+  },
+  "transformer-engine": {
+    "version_specifier": "==2.0.0+e5cc6c2",
+    "skip": "True"
+  },
+  "s3torchconnector": {
+    "version_specifier": "==1.3.2",
+    "skip": "True"
+  },
+  "torchaudio": {
+    "version_specifier": "==2.6.0+cu126",
+    "skip": "True"
+  },
+  "torchtext": {
+    "version_specifier": "==0.18.0+cu126",
+    "skip": "True"
+  },
+  "torchtnt": {
+    "version_specifier": "==0.2.4",
+    "skip": "True"
+  },
+  "torchvision": {
+    "version_specifier": "==0.21.0+cu126",
+    "skip": "True"
+  },
+  "idna": {
+    "version_specifier": ">=3.7"
+  },
+  "tqdm": {
+    "version_specifier": ">=4.66.3"
+  },
+  "requests": {
+    "version_specifier": ">=2.32.0"
+  },
+  "setuptools": {
+    "version_specifier": ">=70.0.0"
+  },
+  "urllib3": {
+    "version_specifier": "<2"
+  },
+  "awscli": {
+    "version_specifier": "<2"
+  },
+  "sagemaker": {
+    "version_specifier": ">=2,<3"
+  },
+  "sagemaker-experiments": {
+    "version_specifier": "<1"
+  },
+  "cloudpickle": {
+    "version_specifier": ">=2.2.1"
+  }
+}