From f37c38c5d3559b586ddbc82f1f416dd211c6a2af Mon Sep 17 00:00:00 2001
From: boris
Date: Mon, 28 Jun 2021 22:59:18 +0800
Subject: [PATCH] add patch CVE-2021-29534
---
CVE-2021-29534.patch | 64 ++++++++++++++++++++++++++++++++++++++++++++
tensorflow.spec | 6 ++++-
2 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644 CVE-2021-29534.patch
diff --git a/CVE-2021-29534.patch b/CVE-2021-29534.patch
new file mode 100644
index 0000000..2f710ce
--- /dev/null
+++ b/CVE-2021-29534.patch
@@ -0,0 +1,64 @@
+diff -Nur a/tensorflow/core/kernels/sparse_tensors_map_ops.cc b/tensorflow/core/kernels/sparse_tensors_map_ops.cc
+--- a/tensorflow/core/kernels/sparse_tensors_map_ops.cc 2020-09-22 09:57:17.000000000 +0800
++++ b/tensorflow/core/kernels/sparse_tensors_map_ops.cc 2021-06-28 22:53:37.005305788 +0800
+@@ -21,16 +21,12 @@
+ #include
+ #include
+
+-#include "tensorflow/core/framework/op_kernel.h"
+-#include "tensorflow/core/framework/register_types.h"
+-
+-#include "tensorflow/core/framework/op_kernel.h"
+-#include "tensorflow/core/framework/register_types.h"
+ #include "tensorflow/core/framework/resource_mgr.h"
+ #include "tensorflow/core/framework/tensor.h"
+ #include "tensorflow/core/framework/tensor_util.h"
+ #include "tensorflow/core/framework/types.h"
+ #include "tensorflow/core/lib/gtl/inlined_vector.h"
++#include "tensorflow/core/util/overflow.h"
+ #include "tensorflow/core/util/sparse/sparse_tensor.h"
+
+ namespace tensorflow {
+@@ -254,7 +250,22 @@
+ errors::InvalidArgument(
+ "Rank of input SparseTensor should be > 1, but saw rank: ", rank));
+
+- TensorShape tensor_input_shape(input_shape->vec());
++ auto input_shape_vec = input_shape->vec();
++ int new_num_elements = 1;
++ bool overflow_ocurred = false;
++ for (int i = 0; i < input_shape_vec.size(); i++) {
++ new_num_elements =
++ MultiplyWithoutOverflow(new_num_elements, input_shape_vec(i));
++ if (new_num_elements < 0) {
++ overflow_ocurred = true;
++ }
++ }
++
++ OP_REQUIRES(
++ context, !overflow_ocurred,
++ errors::Internal("Encountered overflow from large input shape."));
++
++ TensorShape tensor_input_shape(input_shape_vec);
+ gtl::InlinedVector std_order(rank);
+ std::iota(std_order.begin(), std_order.end(), 0);
+ SparseTensor input_st;
+@@ -262,8 +273,7 @@
+ tensor_input_shape, std_order,
+ &input_st));
+
+- auto input_shape_t = input_shape->vec();
+- const int64 N = input_shape_t(0);
++ const int64 N = input_shape_vec(0);
+
+ Tensor sparse_handles(DT_INT64, TensorShape({N}));
+ auto sparse_handles_t = sparse_handles.vec();
+@@ -274,7 +284,7 @@
+ // minibatch entries.
+ TensorShape output_shape;
+ OP_REQUIRES_OK(context, TensorShapeUtils::MakeShape(
+- input_shape_t.data() + 1,
++ input_shape_vec.data() + 1,
+ input_shape->NumElements() - 1, &output_shape));
+
+ // Get groups by minibatch dimension
diff --git a/tensorflow.spec b/tensorflow.spec
index 452938e..2c308c5 100644
--- a/tensorflow.spec
+++ b/tensorflow.spec
@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name: tensorflow
 Version: 2.3.1
-Release: 3
+Release: 4
 Summary: An Open Source Machine Learning Framework for Everyone
 License: Apache License 2.0
 URL: https://www.tensorflow.org/
@@ -13,6 +13,7 @@ Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch
 Patch0002: CVE-2021-29538.patch
 Patch0003: CVE-2021-29535.patch
 Patch0004: CVE-2021-29566.patch
+Patch0005: CVE-2021-29534.patch
 Requires: python3-future
 Requires: python3-numpy
@@ -59,6 +60,9 @@ bazel --output_user_root=`pwd`/../output_user_root build //tensorflow/tools/pip_
 %{_bindir}/*
 %changelog
+* Mon Jun 28 2021 polite2anyone - 2.3.1-4
+- Add patch CVE-2021-29534
+
 * Fri Jun 25 2021 yaozc7 - 2.3.1-3
 - Add patch CVE-2021-29538,CVE-2021-29535,CVE-2021-29566
--
Gitee
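Review bot: In the embedded `@@ -254,7 +250,22 @@` hunk for sparse_tensors_map_ops.cc, the running product is declared `int new_num_elements` while the shape entries are 64-bit (the next hunk reads `const int64 N = input_shape_vec(0)`). Each assignment from `MultiplyWithoutOverflow` is therefore narrowed, so a product that no longer fits in 32 bits can be truncated to a non-negative value and slip past the `< 0` test before `TensorShape tensor_input_shape(input_shape_vec)` is constructed. Declaring it as `int64 new_num_elements = 1;` keeps the guard at the same width as the input. The loop also keeps iterating after `overflow_ocurred = true;`, feeding the negative result back into the next multiplication; a `break;` after setting the flag avoids depending on how the helper treats a negative operand, which is not visible here. The enclosing function starts and ends outside the hunk, and because this is a backport the adjustment is worth checking against the current upstream version of the fix.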