From ea15bb2e9a4efb40017266d0c52be51394e3f304 Mon Sep 17 00:00:00 2001 From: hao Date: Tue, 13 Jul 2021 17:59:32 -0400 Subject: [PATCH] fix issue I3XTEJ --- CVE-2021-29568.patch | 13 ++++++++++++ tensorflow.spec | 50 ++++++++++++++++++++++++-------------------- 2 files changed, 40 insertions(+), 23 deletions(-) create mode 100644 CVE-2021-29568.patch diff --git a/CVE-2021-29568.patch b/CVE-2021-29568.patch new file mode 100644 index 0000000..db113aa --- /dev/null +++ b/CVE-2021-29568.patch @@ -0,0 +1,13 @@ +diff -Nur a/tensorflow/core/kernels/parameterized_truncated_normal_op.cc b/tensorflow/core/kernels/parameterized_truncated_normal_op.cc +--- a/tensorflow/core/kernels/parameterized_truncated_normal_op.cc 2021-07-13 17:47:52.501093065 -0400 ++++ b/tensorflow/core/kernels/parameterized_truncated_normal_op.cc 2021-07-13 17:49:51.678024300 -0400 +@@ -627,6 +627,9 @@ + ctx, TensorShapeUtils::IsVector(shape_tensor.shape()), + errors::InvalidArgument("Input shape should be a vector, got shape: ", + shape_tensor.shape().DebugString())); ++ OP_REQUIRES(ctx, shape_tensor.NumElements() > 0, ++ errors::InvalidArgument("Shape tensor must not be empty, got ", ++ shape_tensor.DebugString())); + int32 num_batches = shape_tensor.flat()(0); + + int32 samples_per_batch = 1; diff --git a/tensorflow.spec b/tensorflow.spec index 2c308c5..2054ab6 100644 --- a/tensorflow.spec +++ b/tensorflow.spec @@ -1,21 +1,22 @@ %global _empty_manifest_terminate_build 0 -Name: tensorflow -Version: 2.3.1 -Release: 4 -Summary: An Open Source Machine Learning Framework for Everyone -License: Apache License 2.0 -URL: https://www.tensorflow.org/ -Source0: https://github.com/tensorflow/tensorflow/archive/v%{version}.tar.gz#/tensorflow-%{version}.tar.gz -#sh -x updateSource1.sh -Source1: external-%{_arch}.tar.bz2 - -Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch -Patch0002: CVE-2021-29538.patch -Patch0003: CVE-2021-29535.patch -Patch0004: CVE-2021-29566.patch -Patch0005: CVE-2021-29534.patch -Requires: python3-future -Requires: python3-numpy + +Name: tensorflow +Version: 2.3.1 +Release: 5 +Summary: An Open Source Machine Learning Framework for Everyone +License: W3C NCSA BSL-1.0 Public Domain Python-2.0 LGPL-2.1-only LGPL-3.0-only Apache-1.1 OpenSSL Libpng IJG Zlib Apache-2.0 GPL-2.0-only CC-BY-3.0 BSD ISC MIT GPL-3.0-only ICU SSLeay MPL-2.0 EPL-1.0 GPL-2.0-or-later + +URL: https://www.tensorflow.org/ +Source0: https://github.com/tensorflow/tensorflow/archive/v%{version}.tar.gz#/tensorflow-%{version}.tar.gz +Source1: external-%{_arch}.tar.bz2 +Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch +Patch0002: CVE-2021-29538.patch +Patch0003: CVE-2021-29535.patch +Patch0004: CVE-2021-29566.patch +Patch0005: CVE-2021-29534.patch +Patch0006: CVE-2021-29568.patch +Requires: python3-future +Requires: python3-numpy %description TensorFlow is an end-to-end open source platform for machine learning. It has a comprehensive, flexible ecosystem of tools, libraries, and community resources that lets researchers push the state-of-the-art in ML and developers easily build and deploy ML-powered applications. @@ -25,12 +26,12 @@ TensorFlow was originally developed by researchers and engineers working on the TensorFlow provides stable Python and C++ APIs, as well as non-guaranteed backward compatible API for other languages. %package -n python3-tensorflow -Summary: An Open Source Machine Learning Framework for Everyone -Provides: python-tensorflow +Summary: An Open Source Machine Learning Framework for Everyone +Provides: python-tensorflow = %{version} #It is because external-$(arch).tar.bz2 is built on bazel 3.5.0 -BuildRequires: bazel == 3.5.0 gcc gcc-c++ -BuildRequires: python3-numpy python3-devel python3-Keras-Preprocessing -BuildRequires: python3-pip python3-wheel +BuildRequires: bazel == 3.5.0 gcc gcc-c++ +BuildRequires: python3-numpy python3-devel python3-Keras-Preprocessing +BuildRequires: python3-pip python3-wheel %description -n python3-tensorflow TensorFlow is an end-to-end open source platform for machine learning. It has a comprehensive, flexible ecosystem of tools, libraries, and community resources that lets researchers push the state-of-the-art in ML and developers easily build and deploy ML-powered applications. @@ -60,7 +61,10 @@ bazel --output_user_root=`pwd`/../output_user_root build //tensorflow/tools/pip_ %{_bindir}/* %changelog -* Mon Jun 28 2021 polite2anyone - 2.3.1-4 +* Mon Jul 14 2021 hao - 2.3.1-5 +- Add patch CVE-2021-29568 + +* Mon Jun 28 2021 polite2anyone - 2.3.1-4 - Add patch CVE-2021-29534 * Fri Jun 25 2021 yaozc7 - 2.3.1-3 -- Gitee