Patch CVE-2019-19126 in glibc (#360)

SPECS/glibc/CVE-2019-19126.patch

@@ -0,0 +1,31 @@
+From 7966ce07e89fa4ccc8fdba00d4439fc652862462 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Marcin=20Ko=C5=9Bcielnicki?= <mwk@0x04.net>
+Date: Thu, 21 Nov 2019 00:20:15 +0100
+Subject: [PATCH] rtld: Check __libc_enable_secure before honoring
+ LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
+
+The problem was introduced in glibc 2.23, in commit
+b9eb92ab05204df772eb4929eccd018637c9f3e9
+("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
+
+(cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e)
+---
+ sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+index 194369174d..ac694c032e 100644
+--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
++++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+@@ -31,7 +31,8 @@
+    environment variable, LD_PREFER_MAP_32BIT_EXEC.  */
+ #define EXTRA_LD_ENVVARS \
+   case 21:								  \
+-    if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
++    if (!__libc_enable_secure						  \
++	&& memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
+       GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
+ 	|= bit_arch_Prefer_MAP_32BIT_EXEC;				  \
+     break;
+-- 
+2.18.4

SPECS/glibc/glibc.spec

@@ -4,7 +4,7 @@
 Summary:        Main C library
 Name:           glibc
 Version:        2.28
-Release:        13%{?dist}
+Release:        14%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -31,6 +31,8 @@ Patch10:        CVE-2020-1751.nopatch
 # Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content
 Patch11:        CVE-2018-20796.nopatch
 Patch12:        CVE-2019-7309.patch
+# CVE-2019-19126 patch taken from upstream commit 7966ce07e89fa4ccc8fdba00d4439fc652862462
+Patch13:        CVE-2019-19126.patch
 Requires:       filesystem
 Provides:       rtld(GNU_HASH)
 Provides:       /sbin/ldconfig
@@ -304,6 +306,9 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||:
 %defattr(-,root,root)
 
 %changelog
+* Tue Nov 10 2020 Thomas Crain <thcrain@microsoft.com> - 2.28-14
+- Patch CVE-2019-19126
+
 * Wed Oct 28 2020 Henry Li <lihl@microsoft.com> - 2.28-13
 - Used autosetup
 - Added patch to resolve CVE-2019-7309

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -1,12 +1,12 @@
 filesystem-1.1-7.cm1.aarch64.rpm
 kernel-headers-5.4.72-1.cm1.noarch.rpm
-glibc-2.28-13.cm1.aarch64.rpm
-glibc-devel-2.28-13.cm1.aarch64.rpm
-glibc-i18n-2.28-13.cm1.aarch64.rpm
-glibc-iconv-2.28-13.cm1.aarch64.rpm
-glibc-lang-2.28-13.cm1.aarch64.rpm
-glibc-nscd-2.28-13.cm1.aarch64.rpm
-glibc-tools-2.28-13.cm1.aarch64.rpm
+glibc-2.28-14.cm1.aarch64.rpm
+glibc-devel-2.28-14.cm1.aarch64.rpm
+glibc-i18n-2.28-14.cm1.aarch64.rpm
+glibc-iconv-2.28-14.cm1.aarch64.rpm
+glibc-lang-2.28-14.cm1.aarch64.rpm
+glibc-nscd-2.28-14.cm1.aarch64.rpm
+glibc-tools-2.28-14.cm1.aarch64.rpm
 zlib-1.2.11-3.cm1.aarch64.rpm
 zlib-devel-1.2.11-3.cm1.aarch64.rpm
 file-5.38-1.cm1.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -1,12 +1,12 @@
 filesystem-1.1-7.cm1.x86_64.rpm
 kernel-headers-5.4.72-1.cm1.noarch.rpm
-glibc-2.28-13.cm1.x86_64.rpm
-glibc-devel-2.28-13.cm1.x86_64.rpm
-glibc-i18n-2.28-13.cm1.x86_64.rpm
-glibc-iconv-2.28-13.cm1.x86_64.rpm
-glibc-lang-2.28-13.cm1.x86_64.rpm
-glibc-nscd-2.28-13.cm1.x86_64.rpm
-glibc-tools-2.28-13.cm1.x86_64.rpm
+glibc-2.28-14.cm1.x86_64.rpm
+glibc-devel-2.28-14.cm1.x86_64.rpm
+glibc-i18n-2.28-14.cm1.x86_64.rpm
+glibc-iconv-2.28-14.cm1.x86_64.rpm
+glibc-lang-2.28-14.cm1.x86_64.rpm
+glibc-nscd-2.28-14.cm1.x86_64.rpm
+glibc-tools-2.28-14.cm1.x86_64.rpm
 zlib-1.2.11-3.cm1.x86_64.rpm
 zlib-devel-1.2.11-3.cm1.x86_64.rpm
 file-5.38-1.cm1.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -104,13 +104,13 @@ gettext-0.19.8.1-3.cm1.aarch64.rpm
 gettext-debuginfo-0.19.8.1-3.cm1.aarch64.rpm
 gfortran-9.1.0-7.cm1.aarch64.rpm
 glib-2.58.0-6.cm1.aarch64.rpm
-glibc-2.28-13.cm1.aarch64.rpm
-glibc-devel-2.28-13.cm1.aarch64.rpm
-glibc-i18n-2.28-13.cm1.aarch64.rpm
-glibc-iconv-2.28-13.cm1.aarch64.rpm
-glibc-lang-2.28-13.cm1.aarch64.rpm
-glibc-nscd-2.28-13.cm1.aarch64.rpm
-glibc-tools-2.28-13.cm1.aarch64.rpm
+glibc-2.28-14.cm1.aarch64.rpm
+glibc-devel-2.28-14.cm1.aarch64.rpm
+glibc-i18n-2.28-14.cm1.aarch64.rpm
+glibc-iconv-2.28-14.cm1.aarch64.rpm
+glibc-lang-2.28-14.cm1.aarch64.rpm
+glibc-nscd-2.28-14.cm1.aarch64.rpm
+glibc-tools-2.28-14.cm1.aarch64.rpm
 glib-debuginfo-2.58.0-6.cm1.aarch64.rpm
 glib-devel-2.58.0-6.cm1.aarch64.rpm
 glib-schemas-2.58.0-6.cm1.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -104,13 +104,13 @@ gettext-0.19.8.1-3.cm1.x86_64.rpm
 gettext-debuginfo-0.19.8.1-3.cm1.x86_64.rpm
 gfortran-9.1.0-7.cm1.x86_64.rpm
 glib-2.58.0-6.cm1.x86_64.rpm
-glibc-2.28-13.cm1.x86_64.rpm
-glibc-devel-2.28-13.cm1.x86_64.rpm
-glibc-i18n-2.28-13.cm1.x86_64.rpm
-glibc-iconv-2.28-13.cm1.x86_64.rpm
-glibc-lang-2.28-13.cm1.x86_64.rpm
-glibc-nscd-2.28-13.cm1.x86_64.rpm
-glibc-tools-2.28-13.cm1.x86_64.rpm
+glibc-2.28-14.cm1.x86_64.rpm
+glibc-devel-2.28-14.cm1.x86_64.rpm
+glibc-i18n-2.28-14.cm1.x86_64.rpm
+glibc-iconv-2.28-14.cm1.x86_64.rpm
+glibc-lang-2.28-14.cm1.x86_64.rpm
+glibc-nscd-2.28-14.cm1.x86_64.rpm
+glibc-tools-2.28-14.cm1.x86_64.rpm
 glib-debuginfo-2.58.0-6.cm1.x86_64.rpm
 glib-devel-2.58.0-6.cm1.x86_64.rpm
 glib-schemas-2.58.0-6.cm1.x86_64.rpm