add patch CVE-2021-29538,CVE-2021-29566.patch,CVE-2021-29535.patch
This commit is contained in:
yaozc701
parent
f26f76e173
commit
c17f2970db
42
CVE-2021-29535.patch
Normal file
42
CVE-2021-29535.patch
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
From efea03b38fb8d3b81762237dc85e579cc5fc6e87 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mihai Maruseac <mihaimaruseac@google.com>
|
||||||
|
Date: Wed, 21 Apr 2021 16:15:46 -0700
|
||||||
|
Subject: [PATCH] Validate inputs to `QuantizedMul`
|
||||||
|
|
||||||
|
PiperOrigin-RevId: 369756982
|
||||||
|
Change-Id: I00d960cc3b9316fd7a86bd37a44e341c96e17624
|
||||||
|
---
|
||||||
|
tensorflow/core/kernels/quantized_mul_op.cc | 20 ++++++++++++++++----
|
||||||
|
1 file changed, 16 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tensorflow/core/kernels/quantized_mul_op.cc b/tensorflow/core/kernels/quantized_mul_op.cc
|
||||||
|
index fb56f68bf14db..22cff8939449a 100644
|
||||||
|
--- a/tensorflow/core/kernels/quantized_mul_op.cc
|
||||||
|
+++ b/tensorflow/core/kernels/quantized_mul_op.cc
|
||||||
|
@@ -284,10 +284,22 @@ class QuantizedMulOp : public OpKernel {
|
||||||
|
void Compute(OpKernelContext* context) override {
|
||||||
|
const Tensor& x = context->input(0);
|
||||||
|
const Tensor& y = context->input(1);
|
||||||
|
- const float min_x = context->input(2).flat<float>()(0);
|
||||||
|
- const float max_x = context->input(3).flat<float>()(0);
|
||||||
|
- const float min_y = context->input(4).flat<float>()(0);
|
||||||
|
- const float max_y = context->input(5).flat<float>()(0);
|
||||||
|
+ auto& min_x_tensor = context->input(2);
|
||||||
|
+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(min_x_tensor.shape()),
|
||||||
|
+ errors::InvalidArgument("min_x must be a scalar"));
|
||||||
|
+ const float min_x = min_x_tensor.flat<float>()(0);
|
||||||
|
+ auto& max_x_tensor = context->input(3);
|
||||||
|
+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(max_x_tensor.shape()),
|
||||||
|
+ errors::InvalidArgument("max_x must be a scalar"));
|
||||||
|
+ const float max_x = max_x_tensor.flat<float>()(0);
|
||||||
|
+ auto& min_y_tensor = context->input(4);
|
||||||
|
+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(min_y_tensor.shape()),
|
||||||
|
+ errors::InvalidArgument("min_y must be a scalar"));
|
||||||
|
+ const float min_y = min_y_tensor.flat<float>()(0);
|
||||||
|
+ auto& max_y_tensor = context->input(5);
|
||||||
|
+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(max_y_tensor.shape()),
|
||||||
|
+ errors::InvalidArgument("max_y must be a scalar"));
|
||||||
|
+ const float max_y = max_y_tensor.flat<float>()(0);
|
||||||
|
|
||||||
|
BCast bcast(BCast::FromShape(x.shape()), BCast::FromShape(y.shape()));
|
||||||
|
if (!bcast.IsValid()) {
|
||||||
42
CVE-2021-29538.patch
Normal file
42
CVE-2021-29538.patch
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
From c570e2ecfc822941335ad48f6e10df4e21f11c96 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mihai Maruseac <mihaimaruseac@google.com>
|
||||||
|
Date: Wed, 21 Apr 2021 17:50:10 -0700
|
||||||
|
Subject: [PATCH] Fix issues in Conv2DBackpropFilter.
|
||||||
|
|
||||||
|
PiperOrigin-RevId: 369772454
|
||||||
|
Change-Id: I49b465f2ae2ce91def61b56cea8000197d5177d8
|
||||||
|
---
|
||||||
|
tensorflow/core/kernels/conv_grad_filter_ops.cc | 13 +++++++++++++
|
||||||
|
1 file changed, 13 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/tensorflow/core/kernels/conv_grad_filter_ops.cc b/tensorflow/core/kernels/conv_grad_filter_ops.cc
|
||||||
|
index fb48e3e285a27..2645d850ab7cf 100644
|
||||||
|
--- a/tensorflow/core/kernels/conv_grad_filter_ops.cc
|
||||||
|
+++ b/tensorflow/core/kernels/conv_grad_filter_ops.cc
|
||||||
|
@@ -495,6 +495,14 @@ class Conv2DCustomBackpropFilterOp : public OpKernel {
|
||||||
|
const int filter_total_size = dims.spatial_dims[0].filter_size *
|
||||||
|
dims.spatial_dims[1].filter_size *
|
||||||
|
dims.in_depth;
|
||||||
|
+ OP_REQUIRES(
|
||||||
|
+ context,
|
||||||
|
+ filter_total_size * dims.out_depth == filter_backprop->NumElements(),
|
||||||
|
+ errors::InvalidArgument(
|
||||||
|
+ "filter_size does not have enough elements, requested ",
|
||||||
|
+ filter_total_size * dims.out_depth, ", got ",
|
||||||
|
+ filter_backprop->NumElements()));
|
||||||
|
+
|
||||||
|
// The output image size is the spatial size of the output.
|
||||||
|
const int output_image_size =
|
||||||
|
dims.spatial_dims[0].output_size * dims.spatial_dims[1].output_size;
|
||||||
|
@@ -518,6 +526,11 @@ class Conv2DCustomBackpropFilterOp : public OpKernel {
|
||||||
|
|
||||||
|
const size_t work_unit_size = size_A + size_B + size_C;
|
||||||
|
|
||||||
|
+ OP_REQUIRES(
|
||||||
|
+ context, work_unit_size != 0,
|
||||||
|
+ errors::InvalidArgument(
|
||||||
|
+ "Work size for convolution would be 0, which is not acceptable"));
|
||||||
|
+
|
||||||
|
const size_t shard_size =
|
||||||
|
(target_working_set_size + work_unit_size - 1) / work_unit_size;
|
||||||
|
|
||||||
65
CVE-2021-29566.patch
Normal file
65
CVE-2021-29566.patch
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
From 3f6fe4dfef6f57e768260b48166c27d148f3015f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mihai Maruseac <mihaimaruseac@google.com>
|
||||||
|
Date: Tue, 4 May 2021 18:33:28 -0700
|
||||||
|
Subject: [PATCH] Add missing validations in dillation ops.
|
||||||
|
|
||||||
|
PiperOrigin-RevId: 372037158
|
||||||
|
Change-Id: I4ee304c84a02550c030288a6534000b934fc1599
|
||||||
|
---
|
||||||
|
tensorflow/core/kernels/dilation_ops.cc | 15 +++++++++++----
|
||||||
|
1 file changed, 11 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tensorflow/core/kernels/dilation_ops.cc b/tensorflow/core/kernels/dilation_ops.cc
|
||||||
|
index 738ea31d555d5..996ddb62bfefe 100644
|
||||||
|
--- a/tensorflow/core/kernels/dilation_ops.cc
|
||||||
|
+++ b/tensorflow/core/kernels/dilation_ops.cc
|
||||||
|
@@ -130,6 +130,7 @@ class DilationOp : public OpKernel {
|
||||||
|
ParseSizes(context, strides_, rates_, padding_, &stride_rows, &stride_cols,
|
||||||
|
&rate_rows, &rate_cols, &pad_top, &pad_left, &out_rows,
|
||||||
|
&out_cols);
|
||||||
|
+ if (!context->status().ok()) return;
|
||||||
|
|
||||||
|
// Output tensor is of the following dimensions:
|
||||||
|
// [ batch, out_rows, out_cols, depth ]
|
||||||
|
@@ -229,6 +230,7 @@ class DilationBackpropInputOp : public OpKernel {
|
||||||
|
ParseSizes(context, strides_, rates_, padding_, &stride_rows, &stride_cols,
|
||||||
|
&rate_rows, &rate_cols, &pad_top, &pad_left, &out_rows,
|
||||||
|
&out_cols);
|
||||||
|
+ if (!context->status().ok()) return;
|
||||||
|
|
||||||
|
// Verify that the incoming gradient tensor has the expected size
|
||||||
|
// [ batch, out_rows, out_cols, depth ]
|
||||||
|
@@ -318,8 +320,10 @@ struct DilationBackpropInput<CPUDevice, T> {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- in_backprop(b, h_in_max, w_in_max, d) +=
|
||||||
|
- out_backprop(b, h_out, w_out, d);
|
||||||
|
+ if (h_in_max < input_rows && w_in_max < input_cols) {
|
||||||
|
+ in_backprop(b, h_in_max, w_in_max, d) +=
|
||||||
|
+ out_backprop(b, h_out, w_out, d);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -349,6 +353,7 @@ class DilationBackpropFilterOp : public OpKernel {
|
||||||
|
ParseSizes(context, strides_, rates_, padding_, &stride_rows, &stride_cols,
|
||||||
|
&rate_rows, &rate_cols, &pad_top, &pad_left, &out_rows,
|
||||||
|
&out_cols);
|
||||||
|
+ if (!context->status().ok()) return;
|
||||||
|
|
||||||
|
// Verify that the incoming gradient tensor has the expected size
|
||||||
|
// [ batch, out_rows, out_cols, depth ]
|
||||||
|
@@ -438,8 +443,10 @@ struct DilationBackpropFilter<CPUDevice, T> {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- filter_backprop(h_max, w_max, d) +=
|
||||||
|
- out_backprop(b, h_out, w_out, d);
|
||||||
|
+ if (h_max < filter_rows && w_max < filter_cols) {
|
||||||
|
+ filter_backprop(h_max, w_max, d) +=
|
||||||
|
+ out_backprop(b, h_out, w_out, d);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -1,16 +1,18 @@
|
|||||||
%global _empty_manifest_terminate_build 0
|
%global _empty_manifest_terminate_build 0
|
||||||
Name: tensorflow
|
Name: tensorflow
|
||||||
Version: 2.3.1
|
Version: 2.3.1
|
||||||
Release: 2
|
Release: 3
|
||||||
Summary: An Open Source Machine Learning Framework for Everyone
|
Summary: An Open Source Machine Learning Framework for Everyone
|
||||||
License: Apache License 2.0
|
License: Apache License 2.0
|
||||||
URL: https://www.tensorflow.org/
|
URL: https://www.tensorflow.org/
|
||||||
Source0: https://github.com/tensorflow/tensorflow/archive/v%{version}.tar.gz#/tensorflow-%{version}.tar.gz
|
Source0: https://github.com/tensorflow/tensorflow/archive/v%{version}.tar.gz#/tensorflow-%{version}.tar.gz
|
||||||
#sh -x updateSource1.sh
|
#sh -x updateSource1.sh
|
||||||
Source1: external-%{_arch}.tar.bz2
|
Source1: external-%{_arch}.tar.bz2
|
||||||
|
|
||||||
Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch
|
|
||||||
|
|
||||||
|
Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch
|
||||||
|
Patch0002: CVE-2021-29538.patch
|
||||||
|
Patch0003: CVE-2021-29535.patch
|
||||||
|
Patch0004: CVE-2021-29566.patch
|
||||||
Requires: python3-future
|
Requires: python3-future
|
||||||
Requires: python3-numpy
|
Requires: python3-numpy
|
||||||
|
|
||||||
@ -57,6 +59,9 @@ bazel --output_user_root=`pwd`/../output_user_root build //tensorflow/tools/pip_
|
|||||||
%{_bindir}/*
|
%{_bindir}/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 25 2021 yaozc7 <yaozc7@foxmail.com> - 2.3.1-3
|
||||||
|
- Add patch CVE-2021-29538,CVE-2021-29535,CVE-2021-29566
|
||||||
|
|
||||||
* Mon May 31 2021 huanghaitao <huanghaitao8@huawei.com> - 2.3.1-2
|
* Mon May 31 2021 huanghaitao <huanghaitao8@huawei.com> - 2.3.1-2
|
||||||
- Completing build dependencies to fix gcc/gcc-c++ compiler missing error
|
- Completing build dependencies to fix gcc/gcc-c++ compiler missing error
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user