From 82c95705d593ed4b5b06a6f2e11c2728dd6c7154 Mon Sep 17 00:00:00 2001 From: dengyuyu Date: Thu, 16 Jun 2022 15:25:35 +0800 Subject: [PATCH] fix CVE-2022-21738 CVE-2022-23576 CVE-2022-23579 CVE-2022-23580 CVE-2022-23581 CVE-2022-23583 CVE-2022-23589 --- CVE-2022-21738.patch | 45 +++++++++++++++++ CVE-2022-23576.patch | 44 ++++++++++++++++ CVE-2022-23579.patch | 16 ++++++ CVE-2022-23580.patch | 32 ++++++++++++ CVE-2022-23581.patch | 116 +++++++++++++++++++++++++++++++++++++++++++ CVE-2022-23583.patch | 21 ++++++++ CVE-2022-23589.patch | 24 +++++++++ tensorflow.spec | 14 ++++-- 8 files changed, 307 insertions(+), 5 deletions(-) create mode 100644 CVE-2022-21738.patch create mode 100644 CVE-2022-23576.patch create mode 100644 CVE-2022-23579.patch create mode 100644 CVE-2022-23580.patch create mode 100644 CVE-2022-23581.patch create mode 100644 CVE-2022-23583.patch create mode 100644 CVE-2022-23589.patch diff --git a/CVE-2022-21738.patch b/CVE-2022-21738.patch new file mode 100644 index 0000000..19b3fb0 --- /dev/null +++ b/CVE-2022-21738.patch @@ -0,0 +1,45 @@ +diff -Naru tensorflow-2.3.1/tensorflow/core/kernels/count_ops.cc "tensorflow-2.3.1 copy/tensorflow/core/kernels/count_ops.cc" +--- tensorflow-2.3.1/tensorflow/core/kernels/count_ops.cc 2022-06-15 10:33:42.061008000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/kernels/count_ops.cc" 2022-06-15 10:02:55.182874000 +0800 +@@ -13,8 +13,6 @@ + limitations under the License. + ==============================================================================*/ + +-#include +- + #include "absl/container/flat_hash_map.h" + #include "tensorflow/core/framework/op_kernel.h" + #include "tensorflow/core/framework/op_requires.h" +@@ -25,9 +23,6 @@ + + namespace tensorflow { + +-// Don't allocate too large `BatchedMap` objects +-static int kMaxBatches = std::numeric_limits::max(); +- + template + using BatchedMap = std::vector>; + +@@ -197,13 +192,17 @@ + "; values shape: ", values.shape().DebugString())); + } + +- diff -Naru file_old file_new > differences.patch ++ bool is_1d = shape.NumElements() == 1; + int num_batches = is_1d ? 1 : shape.flat()(0); +- OP_REQUIRES( +- context, 0 < num_batches && num_batches < kMaxBatches, +- errors::InvalidArgument("Cannot allocate ", num_batches, +- " batches, is the dense shape too wide?")); ++ int num_values = values.NumElements(); ++ ++ OP_REQUIRES(context, num_values == indices.shape().dim_size(0), ++ errors::InvalidArgument( ++ "Number of values must match first dimension of indices.", ++ "Got ", num_values, ++ " values, indices shape: ", indices.shape().DebugString())); + ++ const auto indices_values = indices.matrix(); + const auto values_values = values.flat(); + const auto weight_values = weights.flat(); + diff --git a/CVE-2022-23576.patch b/CVE-2022-23576.patch new file mode 100644 index 0000000..13bc37f --- /dev/null +++ b/CVE-2022-23576.patch @@ -0,0 +1,44 @@ +diff -Naru tensorflow-2.3.1/tensorflow/core/grappler/costs/BUILD "tensorflow-2.3.1 copy/tensorflow/core/grappler/costs/BUILD" +--- tensorflow-2.3.1/tensorflow/core/grappler/costs/BUILD 2022-06-16 11:50:30.048277000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/grappler/costs/BUILD" 2022-06-16 11:27:54.935924000 +0800 +@@ -323,13 +323,10 @@ + ":cost_estimator", + ":op_context", + ":utils", +- "@com_google_absl//absl/strings", + "//third_party/eigen3", + "//tensorflow/core:framework", +- "//tensorflow/core:lib", + "//tensorflow/core:protos_all_cc", + "//tensorflow/core/grappler/clusters:utils", +- "//tensorflow/core/util:overflow", + ] + tf_protos_grappler(), + ) + +diff -Naru tensorflow-2.3.1/tensorflow/core/grappler/costs/op_level_cost_estimator.cc "tensorflow-2.3.1 copy/tensorflow/core/grappler/costs/op_level_cost_estimator.cc" +--- tensorflow-2.3.1/tensorflow/core/grappler/costs/op_level_cost_estimator.cc 2022-06-16 11:50:36.238277000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/grappler/costs/op_level_cost_estimator.cc" 2022-06-16 11:27:54.985924000 +0800 +@@ -24,7 +24,6 @@ + #include "tensorflow/core/framework/types.h" + #include "tensorflow/core/grappler/clusters/utils.h" + #include "tensorflow/core/grappler/costs/utils.h" +-#include "tensorflow/core/util/overflow.h" + + namespace tensorflow { + namespace grappler { +@@ -1261,14 +1260,7 @@ + auto output_shape = MaybeGetMinimumShape(original_output_shape, num_dims, + found_unknown_shapes); + for (const auto& dim : output_shape.dim()) { +- int64_t new_output_size = +- MultiplyWithoutOverflow(output_size, dim.size()); +- if (new_output_size < 0) { +- VLOG(1) << "Overflow encountered when estimating cost, multiplying " +- << output_size << " with " << dim.size(); +- return -1; +- } +- output_size = new_output_size; ++ output_size *= dim.size(); + } + total_output_size += output_size; + VLOG(1) << "Output Size: " << output_size diff --git a/CVE-2022-23579.patch b/CVE-2022-23579.patch new file mode 100644 index 0000000..df03131 --- /dev/null +++ b/CVE-2022-23579.patch @@ -0,0 +1,16 @@ +diff -Naru tensorflow-2.3.1/tensorflow/core/grappler/optimizers/dependency_optimizer.cc "tensorflow-2.3.1 copy/tensorflow/core/grappler/optimizers/dependency_optimizer.cc" +--- tensorflow-2.3.1/tensorflow/core/grappler/optimizers/dependency_optimizer.cc 2022-06-15 11:40:52.233441000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/grappler/optimizers/dependency_optimizer.cc" 2022-06-15 10:41:11.830945000 +0800 +@@ -68,12 +68,6 @@ + // The output values of this node may be needed. + return false; + } +- +- if (node.input_size() < 1) { +- // Node lacks input, is invalid +- return false; +- } +- + const NodeDef* input = node_map_->GetNode(NodeName(node.input(0))); + CHECK(input != nullptr) << "node = " << node.name() + << " input = " << node.input(0); diff --git a/CVE-2022-23580.patch b/CVE-2022-23580.patch new file mode 100644 index 0000000..85fb0f4 --- /dev/null +++ b/CVE-2022-23580.patch @@ -0,0 +1,32 @@ +diff -Naru tensorflow-2.3.1/tensorflow/core/framework/shape_inference.cc "tensorflow-2.3.1 copy/tensorflow/core/framework/shape_inference.cc" +--- tensorflow-2.3.1/tensorflow/core/framework/shape_inference.cc 2022-06-16 09:48:09.573484000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/framework/shape_inference.cc" 2022-06-16 09:34:23.824393000 +0800 +@@ -14,8 +14,6 @@ + ==============================================================================*/ + #include "tensorflow/core/framework/shape_inference.h" + +-#include +- + #include "tensorflow/core/framework/bounds_check.h" + #include "tensorflow/core/framework/node_def.pb.h" + #include "tensorflow/core/framework/partial_tensor_shape.h" +@@ -777,19 +775,6 @@ + return ReturnUnknownShape(out); + } + const auto num_dims = Value(shape_dim); +- // TODO(mihaimaruseac): Should be `TensorShape::MaxDimensions()` as we are +- // not able to materialize shapes with more than this number of dimensions +- // but then shape inference would fail for operations such as +- // `tf.range`/`tf.ones`, etc. where the shape is not really materialized, +- // only used during the inference. Hence, just prevent doing a `reserve` +- // with a very large argument. +- const int64_t max_dimensions = 1 << 20; +- if (num_dims >= max_dimensions) { +- return errors::Internal( +- "Cannot create a tensor with ", num_dims, +- " dimensions, as these would be more than maximum of ", +- max_dimensions); +- } + std::vector dims; + dims.reserve(num_dims); + for (int i = 0; i < num_dims; i++) dims.push_back(UnknownDim()); diff --git a/CVE-2022-23581.patch b/CVE-2022-23581.patch new file mode 100644 index 0000000..914cf12 --- /dev/null +++ b/CVE-2022-23581.patch @@ -0,0 +1,116 @@ +diff -Naru tensorflow-2.3.1/tensorflow/core/grappler/optimizers/constant_folding.cc "tensorflow-2.3.1 copy/tensorflow/core/grappler/optimizers/constant_folding.cc" +--- tensorflow-2.3.1/tensorflow/core/grappler/optimizers/constant_folding.cc 2022-06-16 10:31:04.514189000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/grappler/optimizers/constant_folding.cc" 2022-06-16 10:07:18.833121000 +0800 +@@ -1636,21 +1636,15 @@ + return Status::OK(); + } + +-Status ConstantFolding::IsSimplifiableReshape( ++bool ConstantFolding::IsSimplifiableReshape( + const NodeDef& node, const GraphProperties& properties) const { + if (!IsReshape(node)) { +- return errors::Internal("Node ", node.name(), " is not a Reshape node"); +- } +- if (2 > node.input_size()) { +- return errors::Internal("Node ", node.name(), +- " must have at most 2 inputs but has ", +- node.input_size()); ++ return false; + } ++ CHECK_LE(2, node.input_size()); + const NodeDef* new_shape = node_map_->GetNode(node.input(1)); + if (!IsReallyConstant(*new_shape)) { +- return errors::Internal("Node ", node.name(), " has shape ", +- new_shape->DebugString(), +- " which is not a constant"); ++ return false; + } + TensorVector outputs; + auto outputs_cleanup = gtl::MakeCleanup([&outputs] { +@@ -1661,29 +1655,22 @@ + + Status s = EvaluateNode(*new_shape, TensorVector(), &outputs); + if (!s.ok()) { +- return errors::Internal("Could not evaluate node ", node.name()); +- } +- if (outputs.size() != 1) { +- return errors::Internal("Node ", node.name(), +- " must have exactly 1 output but has ", +- outputs.size()); ++ return false; + } ++ CHECK_EQ(1, outputs.size()); + + const std::vector& props = + properties.GetInputProperties(node.name()); + if (props.empty()) { +- return errors::Internal("Node ", node.name(), " has no properties"); ++ return false; + } + const OpInfo::TensorProperties& prop = props[0]; + if (prop.dtype() == DT_INVALID) { +- return errors::Internal("Node ", node.name(), " has property ", +- prop.DebugString(), " with invalid dtype"); ++ return false; + } + const PartialTensorShape shape(prop.shape()); + if (!shape.IsFullyDefined()) { +- return errors::Internal("Node ", node.name(), " has property ", +- prop.DebugString(), " with shape ", +- shape.DebugString(), " which is not fully defined"); ++ return false; + } + + PartialTensorShape new_dims; +@@ -1693,24 +1680,17 @@ + int32 dim = outputs[0]->flat()(i); + shp.push_back(dim); + } +- s = TensorShapeUtils::MakeShape(shp, &new_dims); +- if (!s.ok()) return s; ++ TF_CHECK_OK(TensorShapeUtils::MakeShape(shp, &new_dims)); + } else { + std::vector shp; + for (int i = 0; i < outputs[0]->NumElements(); ++i) { + int64 dim = outputs[0]->flat()(i); + shp.push_back(dim); + } +- s = TensorShapeUtils::MakeShape(shp, &new_dims); +- if (!s.ok()) return s; +- } +- +- if (!shape.IsCompatibleWith(new_dims)) { +- return errors::Internal("Expected shape ", shape.DebugString(), +- "to be compatible with ", new_dims.DebugString()); ++ TF_CHECK_OK(TensorShapeUtils::MakeShape(shp, &new_dims)); + } + +- return Status::OK(); ++ return shape.IsCompatibleWith(new_dims); + } + + #define IS_VALUE_CASE(DTYPE, VALUE) \ +@@ -2794,8 +2774,7 @@ + bool ConstantFolding::SimplifyReshape(const GraphProperties& properties, + bool use_shape_info, NodeDef* node) { + if (!use_shape_info || node->attr().count("T") == 0 || +- !IsSimplifiableReshape(*node, properties).ok()) { +- return false; ++ !IsSimplifiableReshape(*node, properties)) { + return false; + } + DataType output_type = node->attr().at("T").type(); +diff -Naru tensorflow-2.3.1/tensorflow/core/grappler/optimizers/constant_folding.h "tensorflow-2.3.1 copy/tensorflow/core/grappler/optimizers/constant_folding.h" +--- tensorflow-2.3.1/tensorflow/core/grappler/optimizers/constant_folding.h 2022-06-16 10:26:53.632920000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/grappler/optimizers/constant_folding.h" 2022-06-16 10:07:18.843121000 +0800 +@@ -123,8 +123,8 @@ + Status FoldGraph(const GraphProperties& properties, GraphDef* output, + absl::flat_hash_set* nodes_to_not_simplify); + +- Status IsSimplifiableReshape(const NodeDef& node, +- const GraphProperties& properties) const; ++ bool IsSimplifiableReshape(const NodeDef& node, ++ const GraphProperties& properties) const; + Status SimplifyGraph(bool use_shape_info, GraphDef* optimized_graph, + GraphProperties* properties, + absl::flat_hash_set* nodes_to_not_simplify); diff --git a/CVE-2022-23583.patch b/CVE-2022-23583.patch new file mode 100644 index 0000000..7e4de7a --- /dev/null +++ b/CVE-2022-23583.patch @@ -0,0 +1,21 @@ +diff -Naru tensorflow-2.3.1/tensorflow/core/kernels/cwise_ops_common.h "tensorflow-2.3.1 copy/tensorflow/core/kernels/cwise_ops_common.h" +--- tensorflow-2.3.1/tensorflow/core/kernels/cwise_ops_common.h 2022-06-15 16:54:48.802051000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/kernels/cwise_ops_common.h" 2022-06-15 16:37:57.235474000 +0800 +@@ -93,17 +93,7 @@ + + void Compute(OpKernelContext* ctx) override { + const Tensor& input_0 = ctx->input(0); +- OP_REQUIRES(ctx, input_0.dtype() == DataTypeToEnum::v(), +- errors::InvalidArgument( +- "Expected tensor of type ", +- DataTypeString(DataTypeToEnum::v()), " but got type ", +- DataTypeString(input_0.dtype()))); + const Tensor& input_1 = ctx->input(1); +- OP_REQUIRES(ctx, input_0.dtype() == DataTypeToEnum::v(), +- errors::InvalidArgument( +- "Expected tensor of type ", +- DataTypeString(DataTypeToEnum::v()), " but got type ", +- DataTypeString(input_0.dtype()))); + const Device& eigen_device = ctx->eigen_device(); + bool error = false; + bool* const error_ptr = Functor::has_errors ? &error : nullptr; diff --git a/CVE-2022-23589.patch b/CVE-2022-23589.patch new file mode 100644 index 0000000..4b38500 --- /dev/null +++ b/CVE-2022-23589.patch @@ -0,0 +1,24 @@ +diff -Naru tensorflow-2.3.1/tensorflow/core/grappler/costs/BUILD "tensorflow-2.3.1 copy/tensorflow/core/grappler/costs/BUILD" +--- tensorflow-2.3.1/tensorflow/core/grappler/costs/BUILD 2022-06-15 16:21:06.357850000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/grappler/costs/BUILD" 2022-06-15 16:11:22.524886000 +0800 +@@ -327,7 +327,6 @@ + "//tensorflow/core:framework", + "//tensorflow/core:protos_all_cc", + "//tensorflow/core/grappler/clusters:utils", +- "//tensorflow/core/util:overflow", + ] + tf_protos_grappler(), + ) + +diff -Naru tensorflow-2.3.1/tensorflow/core/grappler/optimizers/constant_folding.cc "tensorflow-2.3.1 copy/tensorflow/core/grappler/optimizers/constant_folding.cc" +--- tensorflow-2.3.1/tensorflow/core/grappler/optimizers/constant_folding.cc 2022-06-15 16:31:15.256207000 +0800 ++++ "tensorflow-2.3.1 copy/tensorflow/core/grappler/optimizers/constant_folding.cc" 2022-06-15 16:11:22.634886000 +0800 +@@ -3323,9 +3323,6 @@ + + NodeDef* mul_left_child = node_map_->GetNode(node->input(0)); + NodeDef* mul_right_child = node_map_->GetNode(node->input(1)); +- if (mul_left_child == nullptr || mul_right_child == nullptr) { +- return false; +- } + // One child must be constant, and the second must be Conv op. + const bool left_child_is_constant = IsReallyConstant(*mul_left_child); + const bool right_child_is_constant = IsReallyConstant(*mul_right_child); diff --git a/tensorflow.spec b/tensorflow.spec index 5da9a4a..ecdf4a3 100644 --- a/tensorflow.spec +++ b/tensorflow.spec @@ -192,9 +192,13 @@ Patch0179: CVE-2021-37690-3.patch Patch0180: CVE-2021-41210.patch Patch0181: CVE-2021-41219.patch Patch0182: CVE-2021-41223.patch -Patch0183: 0001-distutils-is-deprecated-in-Python-3.10-51776.patch -Patch0184: 0001-Provide-overload-to-cope-with-const-ness-change-of-N.patch - +Patch0183: CVE-2022-23579.patch +Patch0184: CVE-2022-23583.patch +Patch0185: CVE-2022-23589.patch +Patch0186: CVE-2022-23580.patch +Patch0187: CVE-2022-23581.patch +Patch0188: CVE-2022-21738.patch +Patch0189: CVE-2022-23576.patch Requires: python3-future Requires: python3-numpy @@ -242,8 +246,8 @@ bazel --output_user_root=`pwd`/../output_user_root build --host_copt=-Wno-string %{_bindir}/* %changelog -* Sun Jun 12 2022 Zhipeng Xie - 2.3.1-14 -- backport patch to fix build failure on python3.10 +* Thu Jun 17 2022 dengyuyu - 2.3.1-14 +- Fix CVE-2022-23579.patch CVE-2022-23589.patch CVE-2022-23583.patch CVE-2022-23580.patch CVE-2022-23581.patch CVE-2022-21738.patch CVE-2022-23576.patch * Wed Nov 10 2021 houyingchao - 2.3.1-13 - Fix CVE-2021-41210 CVE-2021-41219 CVE-2021-41223 -- Gitee