Fix PSIRT Vulnerability - Dependency Confusion in oneccl_bind_pt package (#13305)

* Fix PSIRT Vulnerability - Dependency Confusion in oneccl_bind_pt package * update --------- Co-authored-by: YongZhuIntel <yong.zhu@intel.com>
2025-09-12 10:22:18 +08:00 · 2025-09-12 10:22:18 +08:00 · 6d89c827a8
commit 6d89c827a8
parent 25e1709050
16 changed files with 16 additions and 16 deletions
--- a/docker/llm/serving/cpu/docker/Dockerfile
+++ b/docker/llm/serving/cpu/docker/Dockerfile
@ -75,7 +75,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    pip install Jinja2==3.1.3 && \
    pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu && \
    pip install intel-extension-for-pytorch==2.2.0 && \
-    pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/ && \
+    pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/ && \
    pip install transformers==4.36.2 && \
 # Install vllm dependencies
    pip install --upgrade fastapi && \
--- a/docs/mddocs/Quickstart/deepspeed_autotp_fastapi_quickstart.md
+++ b/docs/mddocs/Quickstart/deepspeed_autotp_fastapi_quickstart.md
@ -20,7 +20,7 @@ conda create -n llm python=3.11
 conda activate llm
 # below command will install intel_extension_for_pytorch==2.1.10+xpu as default
 pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
 # configures OneAPI environment variables
 source /opt/intel/oneapi/setvars.sh
 pip install git+https://github.com/microsoft/DeepSpeed.git@ed8aed5
--- a/python/llm/example/CPU/QLoRA-FineTuning/alpaca-qlora/README.md
+++ b/python/llm/example/CPU/QLoRA-FineTuning/alpaca-qlora/README.md
@ -53,7 +53,7 @@ python ./alpaca_qlora_finetuning_cpu.py \
 ```bash
 # need to run the alpaca stand-alone version first
 # for using mpirun
-pip install oneccl_bind_pt --extra-index-url https://developer.intel.com/ipex-whl-stable
+pip install oneccl_bind_pt --index-url https://developer.intel.com/ipex-whl-stable
 ```

 2. modify conf in `finetune_one_node_two_sockets.sh` and run
--- a/python/llm/example/CPU/Speculative-Decoding/Self-Speculation/baichuan2/README.md
+++ b/python/llm/example/CPU/Speculative-Decoding/Self-Speculation/baichuan2/README.md
@ -69,7 +69,7 @@ To accelerate speculative decoding on CPU, optionally, you can install our valid
 ```bash
 python -m pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu
 python -m pip install intel-extension-for-pytorch==2.2.0
-python -m pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
+python -m pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
 # if there is any installation problem for oneccl_binding, you can also find suitable index url at "https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/" or "https://developer.intel.com/ipex-whl-stable-cpu" according to your environment.

 # Install other dependencies
--- a/python/llm/example/CPU/Speculative-Decoding/Self-Speculation/llama2/README.md
+++ b/python/llm/example/CPU/Speculative-Decoding/Self-Speculation/llama2/README.md
@ -104,7 +104,7 @@ To accelerate speculative decoding on CPU, you can install our validated version
 # Install IPEX 2.2.0+cpu
 python -m pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu
 python -m pip install intel-extension-for-pytorch==2.2.0
-python -m pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
+python -m pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
 # if there is any installation problem for oneccl_binding, you can also find suitable index url at "https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/" or "https://developer.intel.com/ipex-whl-stable-cpu" according to your environment.

 # Update transformers
--- a/python/llm/example/CPU/Speculative-Decoding/Self-Speculation/llama3/README.md
+++ b/python/llm/example/CPU/Speculative-Decoding/Self-Speculation/llama3/README.md
@ -81,7 +81,7 @@ To accelerate speculative decoding on CPU, you can install our validated version
 # Install IPEX 2.2.0+cpu
 python -m pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu
 python -m pip install intel-extension-for-pytorch==2.2.0
-python -m pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
+python -m pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
 # if there is any installation problem for oneccl_binding, you can also find suitable index url at "https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/" or "https://developer.intel.com/ipex-whl-stable-cpu" according to your environment.

 # Update transformers
--- a/python/llm/example/CPU/Speculative-Decoding/Self-Speculation/mistral/README.md
+++ b/python/llm/example/CPU/Speculative-Decoding/Self-Speculation/mistral/README.md
@ -90,7 +90,7 @@ To accelerate speculative decoding on CPU, you can install our validated version
 # Install IPEX 2.2.0+cpu
 python -m pip install torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0 --index-url https://download.pytorch.org/whl/cpu
 python -m pip install intel-extension-for-pytorch==2.2.0
-python -m pip install oneccl_bind_pt==2.2.0 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
+python -m pip install oneccl_bind_pt==2.2.0 --index-url https://pytorch-extension.intel.com/release-whl/stable/cpu/us/
 # if there is any installation problem for oneccl_binding, you can also find suitable index url at "https://pytorch-extension.intel.com/release-whl/stable/cpu/cn/" or "https://developer.intel.com/ipex-whl-stable-cpu" according to your environment.

 # Update transformers
--- a/python/llm/example/GPU/Deepspeed-AutoTP-FastAPI/README.md
+++ b/python/llm/example/GPU/Deepspeed-AutoTP-FastAPI/README.md
@ -15,7 +15,7 @@ conda create -n llm python=3.11
 conda activate llm
 # below command will install intel_extension_for_pytorch==2.1.10+xpu as default
 pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
 # configures OneAPI environment variables
 source /opt/intel/oneapi/setvars.sh
 pip install git+https://github.com/microsoft/DeepSpeed.git@ed8aed5
--- a/python/llm/example/GPU/LLM-Finetuning/HF-PEFT/README.md
+++ b/python/llm/example/GPU/LLM-Finetuning/HF-PEFT/README.md
@ -17,7 +17,7 @@ pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-exte
 pip install transformers==4.45.0 "trl<0.12.0" datasets
 pip install bitsandbytes==0.45.1 scipy
 pip install fire peft==0.10.0
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
 ```

 ### 2. Configures OneAPI environment variables
--- a/python/llm/example/GPU/LLM-Finetuning/LoRA/README.md
+++ b/python/llm/example/GPU/LLM-Finetuning/LoRA/README.md
@ -15,7 +15,7 @@ pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-exte
 pip install transformers==4.45.0 "trl<0.12.0" datasets
 pip install fire peft==0.10.0
 pip install bitsandbytes==0.45.1 scipy
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
 ```

 ### 2. Configures OneAPI environment variables
--- a/python/llm/example/GPU/LLM-Finetuning/LoRA/chatglm_finetune/README.md
+++ b/python/llm/example/GPU/LLM-Finetuning/LoRA/chatglm_finetune/README.md
@ -21,7 +21,7 @@ pip install "deepspeed==0.13.1"
 pip install "mpi4py>=3.1.5"
 # below command will install intel_extension_for_pytorch==2.1.10+xpu as default
 pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
 ```

 ### 2. Configures OneAPI Environment Variables
--- a/python/llm/example/GPU/LLM-Finetuning/QA-LoRA/README.md
+++ b/python/llm/example/GPU/LLM-Finetuning/QA-LoRA/README.md
@ -15,7 +15,7 @@ pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-exte
 pip install transformers==4.45.0 "trl<0.12.0" datasets
 pip install fire peft==0.10.0
 pip install bitsandbytes==0.45.1 scipy
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
 ```

 ### 2. Configures OneAPI environment variables
--- a/python/llm/example/GPU/LLM-Finetuning/QLoRA/alpaca-qlora/README.md
+++ b/python/llm/example/GPU/LLM-Finetuning/QLoRA/alpaca-qlora/README.md
@ -19,7 +19,7 @@ conda activate llm
 pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
 pip install transformers==4.36.1 datasets
 pip install fire peft==0.10.0 accelerate==0.23.0
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
 pip install bitsandbytes scipy
 # configures OneAPI environment variables
 source /opt/intel/oneapi/setvars.sh # necessary to run before installing deepspeed
--- a/python/llm/example/GPU/LLM-Finetuning/ReLora/README.md
+++ b/python/llm/example/GPU/LLM-Finetuning/ReLora/README.md
@ -15,7 +15,7 @@ pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-exte
 pip install transformers==4.45.0 "trl<0.12.0" datasets
 pip install fire peft==0.10.0
 pip install bitsandbytes==0.45.1 scipy
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/ # necessary to run distributed finetuning
 ```

 ### 2. Configures OneAPI environment variables
--- a/python/llm/example/GPU/Pipeline-Parallel-Inference/README.md
+++ b/python/llm/example/GPU/Pipeline-Parallel-Inference/README.md
@ -48,7 +48,7 @@ conda create -n llm python=3.11
 conda activate llm
 # below command will install intel_extension_for_pytorch==2.1.10+xpu as default
 pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
 ```

 ### 2. Run pipeline parallel inference on multiple GPUs
--- a/python/llm/example/GPU/Pipeline-Parallel-Serving/README.md
+++ b/python/llm/example/GPU/Pipeline-Parallel-Serving/README.md
@ -36,7 +36,7 @@ conda create -n llm python=3.11
 conda activate llm
 # below command will install intel_extension_for_pytorch==2.1.10+xpu as default
 pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
-pip install oneccl_bind_pt==2.1.100 --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
+pip install oneccl_bind_pt==2.1.100 --index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/us/
 # configures OneAPI environment variables
 source /opt/intel/oneapi/setvars.sh
 pip install mpi4py fastapi uvicorn openai