From 772f5be7ecf0f4f38220b57510e72d24fa4b6c65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E4=B8=83=E4=B9=90?= <7539079+lrmm5n@user.noreply.gitee.com> Date: Sat, 10 Jul 2021 16:29:20 +0000 Subject: [PATCH 1/2] fix CVE-2021-29536 --- tensorflow.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tensorflow.spec b/tensorflow.spec index 2c308c5..fa1b887 100644 --- a/tensorflow.spec +++ b/tensorflow.spec @@ -1,7 +1,7 @@ %global _empty_manifest_terminate_build 0 Name: tensorflow Version: 2.3.1 -Release: 4 +Release: 5 Summary: An Open Source Machine Learning Framework for Everyone License: Apache License 2.0 URL: https://www.tensorflow.org/ @@ -13,7 +13,8 @@ Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch Patch0002: CVE-2021-29538.patch Patch0003: CVE-2021-29535.patch Patch0004: CVE-2021-29566.patch -Patch0005: CVE-2021-29534.patch +Patch0005: CVE-2021-29534.patch +Patch0006: CVE-2021-29536.patch Requires: python3-future Requires: python3-numpy @@ -60,6 +61,9 @@ bazel --output_user_root=`pwd`/../output_user_root build //tensorflow/tools/pip_ %{_bindir}/* %changelog +* Sun Jul 11 2021 lrmm5m - 2.3.1-5 +- Add patch CVE-2021-29536 + * Mon Jun 28 2021 polite2anyone - 2.3.1-4 - Add patch CVE-2021-29534 -- Gitee From b50fe5f6df4895faf58ca7a10d893b1e49b99eb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E4=B8=83=E4=B9=90?= <7539079+lrmm5n@user.noreply.gitee.com> Date: Sat, 10 Jul 2021 16:31:40 +0000 Subject: [PATCH 2/2] fix cve-2021-29536 --- CVE-2021-29536.patch | 57 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 CVE-2021-29536.patch diff --git a/CVE-2021-29536.patch b/CVE-2021-29536.patch new file mode 100644 index 0000000..97107bb --- /dev/null +++ b/CVE-2021-29536.patch 
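Review bot: `Patch0006: CVE-2021-29536.patch` is added to tensorflow.spec in PATCH 1/2, but the patch file itself is only created in PATCH 2/2, so the first commit on its own names a source that is not yet in the tree. Squashing the two commits, or adding the file before the spec references it, keeps every revision buildable. The `%prep` section is outside these hunks, so it is not visible whether patches are applied automatically or one by one. If they are listed individually, Patch0006 needs its own entry there, otherwise release 5 would record the CVE in its changelog without the fix being applied. The `Patch0005` line is also rewritten with what looks like a whitespace-only difference, which could be dropped from this change.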
@@ -0,0 +1,57 @@ +From a324ac84e573fba362a5e53d4e74d5de6729933e Mon Sep 17 00:00:00 2001 +From: Mihai Maruseac +Date: Wed, 21 Apr 2021 18:11:15 -0700 +Subject: [PATCH] Validate arguments to `QuantizedReshape`. + +Ensure that validations from `Reshape` also terminate `QuantizedReshape` on failure. + +PiperOrigin-RevId: 369775421 +Change-Id: If8c5342267aceea65b7cb83a4b183304886f1ce8 +--- + .../core/kernels/quantized_reshape_op.cc | 25 +++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +diff --git a/tensorflow/core/kernels/quantized_reshape_op.cc b/tensorflow/core/kernels/quantized_reshape_op.cc +index bd76c94edeea7..682f4aaa1f79e 100644 +--- a/tensorflow/core/kernels/quantized_reshape_op.cc ++++ b/tensorflow/core/kernels/quantized_reshape_op.cc +@@ -17,6 +17,7 @@ limitations under the License. + + #include "tensorflow/core/framework/op_kernel.h" + #include "tensorflow/core/framework/register_types.h" ++#include "tensorflow/core/framework/tensor_shape.h" + #include "tensorflow/core/framework/tensor_types.h" + #include "tensorflow/core/framework/types.h" + #include "tensorflow/core/kernels/reshape_op.h" +@@ -30,9 +31,29 @@ class QuantizedReshapeOp : public ReshapeOp { + void Compute(OpKernelContext* ctx) override { + // This call processes inputs 1 and 2 to write output 0. 
+ ReshapeOp::Compute(ctx); ++ if (!ctx->status().ok()) { ++ return; ++ } ++ ++ const auto& input_min_float_tensor = ctx->input(2); ++ const auto& input_min_float_shape = input_min_float_tensor.shape(); ++ OP_REQUIRES(ctx, ++ TensorShapeUtils::IsScalar(input_min_float_shape) || ++ (TensorShapeUtils::IsVector(input_min_float_shape) && ++ (input_min_float_shape.dim_size(0) == 1)), ++ errors::InvalidArgument( ++ "input_min must be a scalar or a vector of 1 element")); ++ const float input_min_float = input_min_float_tensor.flat()(0); ++ const auto& input_max_float_tensor = ctx->input(3); ++ const auto& input_max_float_shape = input_max_float_tensor.shape(); ++ OP_REQUIRES(ctx, ++ TensorShapeUtils::IsScalar(input_max_float_shape) || ++ (TensorShapeUtils::IsVector(input_max_float_shape) && ++ (input_max_float_shape.dim_size(0) == 1)), ++ errors::InvalidArgument( ++ "input_max must be a scalar or a vector of 1 element")); ++ const float input_max_float = input_max_float_tensor.flat()(0); + +- const float input_min_float = ctx->input(2).flat()(0); +- const float input_max_float = ctx->input(3).flat()(0); + Tensor* output_min = nullptr; + OP_REQUIRES_OK(ctx, ctx->allocate_output(1, TensorShape({}), &output_min)); + output_min->flat()(0) = input_min_float; \ No newline at end of file -- Gitee
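Review bot: The early return after `ReshapeOp::Compute(ctx)` is the line that makes a failed base-class validation actually stop this kernel, yet it carries no comment saying so and could be mistaken for redundant in a later backport or refactor. I would add `// ReshapeOp::Compute returns void and reports failure only via ctx->status(); stop before reading inputs 2 and 3.` above the `if (!ctx->status().ok())` check. The retained context comment speaks of "inputs 1 and 2" while the added code indexes min/max as `input(2)` and `input(3)`, so it appears to count from one; wording both zero-based would avoid confusion. The stored patch file ends without a trailing newline (the `\ No newline at end of file` marker), which some patch tools warn about, so it is worth adding one. `Compute` continues past the end of the hunk, so the output_max handling is not visible here.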