From b2173a3c5b27d96db539d928683c16b6edc57c2a Mon Sep 17 00:00:00 2001
From: Ding Taixin <1315774958@qq.com>
Date: Fri, 6 Aug 2021 00:39:23 +0800
Subject: [PATCH] add patch CVE-2021-29513
---
 CVE-2021-29513.patch | 37 +++++++++++++++++++++++++++++++++++++
 tensorflow.spec | 6 +++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-29513.patch
diff --git a/CVE-2021-29513.patch b/CVE-2021-29513.patch
new file mode 100644
index 0000000..d32d3bb
--- /dev/null
+++ b/CVE-2021-29513.patch
@@ -0,0 +1,37 @@
+From 030af767d357d1b4088c4a25c72cb3906abac489 Mon Sep 17 00:00:00 2001
+From: Amit Patankar
+Date: Tue, 13 Apr 2021 14:25:01 -0700
+Subject: [PATCH] Fix `tf.raw_ops.ResourceCountUpTo` null pointer dereference.
+
+PiperOrigin-RevId: 368294347
+Change-Id: I2c16fbfc9b4966c402c3d8e311f0d665a9c852d8
+---
+ tensorflow/python/lib/core/ndarray_tensor.cc | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/tensorflow/python/lib/core/ndarray_tensor.cc b/tensorflow/python/lib/core/ndarray_tensor.cc
+index 03fbea397485e..6cf51ceebbdaa 100644
+--- a/tensorflow/python/lib/core/ndarray_tensor.cc
++++ b/tensorflow/python/lib/core/ndarray_tensor.cc
+@@ -16,6 +16,7 @@ limitations under the License.
+ #include "tensorflow/python/lib/core/ndarray_tensor.h"
+
+ #include
++#include
+
+ #include "tensorflow/c/eager/tfe_context_internal.h"
+ #include "tensorflow/c/tf_tensor_internal.h"
+@@ -74,6 +75,13 @@ Status PyArrayDescr_to_TF_DataType(PyArray_Descr* descr,
+ PyObject* key;
+ PyObject* value;
+ Py_ssize_t pos = 0;
++
++ // Return an error if the fields attribute is null.
++ // Occurs with an improper conversion attempt to resource.
++ if (descr->fields == nullptr) {
++ return errors::Internal("Unexpected numpy data type");
++ }
++
+ if (PyDict_Next(descr->fields, &pos, &key, &value)) {
+ // In Python 3, the keys of numpy custom struct types are unicode, unlike
+ // Python 2, where the keys are bytes.
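Review bot: The null guard added in `PyArrayDescr_to_TF_DataType` returns `errors::Internal`, but the comment directly above it attributes a null `descr->fields` to an improper conversion attempt, which is caller-supplied input rather than an internal fault; `return errors::InvalidArgument("Unexpected numpy data type");` would let callers and log triage tell bad input from a framework bug, unless the backport has to stay identical to upstream. The two comment lines do not say why the check must sit ahead of the next call, so a line such as `// PyDict_Next below would dereference a null descr->fields (CVE-2021-29513).` would keep a later rebase from moving or dropping it. The embedded diffstat lists only ndarray_tensor.cc, so no regression test accompanies the fix; a test that sends a dtype without fields through this conversion and expects an error status would pin the behaviour. The function starts and ends outside the hunk, so whether `descr->fields` is used again further down cannot be checked from this page.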
diff --git a/tensorflow.spec b/tensorflow.spec
index 8068f99..4f4b9d0 100644
--- a/tensorflow.spec
+++ b/tensorflow.spec
@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name: tensorflow
 Version: 2.3.1
-Release: 5
+Release: 6
 Summary: An Open Source Machine Learning Framework for Everyone
 License: Apache License 2.0
 URL: https://www.tensorflow.org/
@@ -15,6 +15,7 @@ Patch0003: CVE-2021-29535.patch
 Patch0004: CVE-2021-29566.patch
 Patch0005: CVE-2021-29534.patch
 Patch0006: fix_compile.patch
+Patch0007: CVE-2021-29513.patch
 Requires: python3-future
 Requires: python3-numpy
@@ -61,6 +62,9 @@ bazel --output_user_root=`pwd`/../output_user_root build --host_copt=-Wno-string
 %{_bindir}/*
 %changelog
+* Fri Aug 06 2021 Ding Taixin <1315774958@qq.com> - 2.3.1-6
+- Add patch CVE-2021-29513
+
 * Fri Aug 06 2021 linjiaxin5 - 2.3.1-5
 - Fix failure caused by GCC upgrade to 10
 - add patch fix_compile.patch
-- Gitee