Fix CVE-2019-19126:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126
https://sourceware.org/bugzilla/show_bug.cgi?id=25204

Taken from upstream:
https://sourceware.org/git/?p=glibc.git;a=commit;h=37c90e117310728a4ad1eb998c0bbe7d79c4a398

diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
index 975cbe2..df2cdfd 100644
--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
@@ -31,7 +31,8 @@
    environment variable, LD_PREFER_MAP_32BIT_EXEC.  */
 #define EXTRA_LD_ENVVARS \
   case 21:								  \
-    if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
+    if (!__libc_enable_secure						  \
+	&& memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
       GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
 	|= bit_arch_Prefer_MAP_32BIT_EXEC;				  \
     break;
ass='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=16d503478b4fa66ba971a4a7d129a76b71baaf39'>refs</a><a class='active' href='/guix/log/gnu/tests/singularity.scm'>log</a><a href='/guix/tree/gnu/tests/singularity.scm?id=16d503478b4fa66ba971a4a7d129a76b71baaf39'>tree</a><a href='/guix/commit/gnu/tests/singularity.scm?id=16d503478b4fa66ba971a4a7d129a76b71baaf39'>commit</a><a href='/guix/diff/gnu/tests/singularity.scm?id=16d503478b4fa66ba971a4a7d129a76b71baaf39'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/tests/singularity.scm'>
<input type='hidden' name='id' value='16d503478b4fa66ba971a4a7d129a76b71baaf39'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=16d503478b4fa66ba971a4a7d129a76b71baaf39'>root</a>/<a href='/guix/log/gnu?id=16d503478b4fa66ba971a4a7d129a76b71baaf39'>gnu</a>/<a href='/guix/log/gnu/tests?id=16d503478b4fa66ba971a4a7d129a76b71baaf39'>tests</a>/<a href='/guix/log/gnu/tests/singularity.scm?id=16d503478b4fa66ba971a4a7d129a76b71baaf39'>singularity.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/tests/singularity.scm?id=16d503478b4fa66ba971a4a7d129a76b71baaf39&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2019-11-09 23:04:14 +0100'>2019-11-09</span></td><td><a href='/guix/commit/gnu/tests/singularity.scm?id=f0034427f50be1bcab137d9877c3586e4be4d83e'>tests: Update references to the now-deprecated 'guile-json' variable.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/tests/docker.scm (build-tarball&amp;run-docker-test): Refer to
'guile-json-3' instead of 'guile-json'.
* gnu/tests/singularity.scm (build-tarball&amp;run-singularity-test):
Likewise.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-07-04 18:05:02 +0200'>2019-07-04</span></td><td><a href='/guix/commit/gnu/tests/singularity.scm?id=dea62932bc929243dae5e8b08f4fbe0b6f70be95'>pack: 'squashfs' backend records the profile's search paths.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/scripts/pack.scm (singularity-environment-file): New procedure.
(squashfs-image): Use it, and create /.singularity/env/90-environment.sh.
* gnu/tests/singularity.scm (run-singularity-test)["singularity run,
with environment"]: New test, currently skipped.
* gnu/tests/singularity.scm (build-tarball&amp;run-singularity-test): Add
GUILE-JSON to the profile.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-06-07 09:57:19 +0200'>2019-06-07</span></td><td><a href='/guix/commit/gnu/tests/singularity.scm?id=a0f352b30f4869a7af7017b8a5011ac7602dd115'>pack: Add '--entry-point'.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/scripts/pack.scm (self-contained-tarball): Add #:entry-point and
warn when it's true.
(squashfs-image): Add #:entry-point and honor it.
(docker-image): Add #:entry-point and honor it.
(%options, show-help): Add '--entry-point'.
(guix-pack): Honor '--entry-point' and pass #:entry-point to BUILD-IMAGE.
* gnu/tests/docker.scm (run-docker-test): Test 'docker run' with the
default entry point.
(build-tarball&amp;run-docker-test): Pass #:entry-point to 'docker-image'.
* doc/guix.texi (Invoking guix pack): Document it.
* gnu/tests/singularity.scm (run-singularity-test)["singularity run"]:
New test.
(build-tarball&amp;run-singularity-test): Pass #:entry-point to
'squashfs-image'.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-06-07 09:57:19 +0200'>2019-06-07</span></td><td><a href='/guix/commit/gnu/tests/singularity.scm?id=08814aec6ae75adcd059c5235c90ad26e5d5607e'>services: Add Singularity.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/linux.scm (singularity)[source](snippet): Change file
name of setuid helpers in libexec/cli/*.exec.
[arguments]: Remove "--disable-suid".
* gnu/services/docker.scm (%singularity-activation): New variable.
(singularity-setuid-programs): New procedure.
(singularity-service-type): New variable.
* gnu/tests/singularity.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2019-11-09	tests: Update references to the now-deprecated 'guile-json' variable....* gnu/tests/docker.scm (build-tarball&run-docker-test): Refer to 'guile-json-3' instead of 'guile-json'. * gnu/tests/singularity.scm (build-tarball&run-singularity-test): Likewise.	Ludovic Courtès
2019-07-04	pack: 'squashfs' backend records the profile's search paths....* guix/scripts/pack.scm (singularity-environment-file): New procedure. (squashfs-image): Use it, and create /.singularity/env/90-environment.sh. * gnu/tests/singularity.scm (run-singularity-test)["singularity run, with environment"]: New test, currently skipped. * gnu/tests/singularity.scm (build-tarball&run-singularity-test): Add GUILE-JSON to the profile.	Ludovic Courtès
2019-06-07	pack: Add '--entry-point'....* guix/scripts/pack.scm (self-contained-tarball): Add #:entry-point and warn when it's true. (squashfs-image): Add #:entry-point and honor it. (docker-image): Add #:entry-point and honor it. (%options, show-help): Add '--entry-point'. (guix-pack): Honor '--entry-point' and pass #:entry-point to BUILD-IMAGE. * gnu/tests/docker.scm (run-docker-test): Test 'docker run' with the default entry point. (build-tarball&run-docker-test): Pass #:entry-point to 'docker-image'. * doc/guix.texi (Invoking guix pack): Document it. * gnu/tests/singularity.scm (run-singularity-test)["singularity run"]: New test. (build-tarball&run-singularity-test): Pass #:entry-point to 'squashfs-image'.	Ludovic Courtès
2019-06-07	services: Add Singularity....* gnu/packages/linux.scm (singularity)[source](snippet): Change file name of setuid helpers in libexec/cli/.exec. [arguments]: Remove "--disable-suid". gnu/services/docker.scm (%singularity-activation): New variable. (singularity-setuid-programs): New procedure. (singularity-service-type): New variable. * gnu/tests/singularity.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (Miscellaneous Services): Document it.	Ludovic Courtès