Fix CVE-2019-19126:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126
https://sourceware.org/bugzilla/show_bug.cgi?id=25204

Taken from upstream:
https://sourceware.org/git/?p=glibc.git;a=commit;h=37c90e117310728a4ad1eb998c0bbe7d79c4a398

diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
index 975cbe2..df2cdfd 100644
--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
@@ -31,7 +31,8 @@
    environment variable, LD_PREFER_MAP_32BIT_EXEC.  */
 #define EXTRA_LD_ENVVARS \
   case 21:								  \
-    if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
+    if (!__libc_enable_secure						  \
+	&& memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
       GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
 	|= bit_arch_Prefer_MAP_32BIT_EXEC;				  \
     break;
tomized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65'>refs</a><a class='active' href='/guix/log/tests/cran.scm'>log</a><a href='/guix/tree/tests/cran.scm?id=f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65'>tree</a><a href='/guix/commit/tests/cran.scm?id=f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65'>commit</a><a href='/guix/diff/tests/cran.scm?id=f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/cran.scm'>
<input type='hidden' name='id' value='f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65'>root</a>/<a href='/guix/log/tests?id=f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65'>tests</a>/<a href='/guix/log/tests/cran.scm?id=f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65'>cran.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/cran.scm?id=f0f53a817ab4c1d5052d12df9b9a7c6befb9cd65&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-01-16 23:14:05 +0100'>2020-01-16</span></td><td><a href='/guix/commit/tests/cran.scm?id=cfd1ed84013df85f0e473884ef4038b4bd7120d4'>import: cran: Avoid uses of '@@' in the tests.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/import/cran.scm (description-&gt;alist, description-&gt;package): Export.
&lt;top level&gt;: Set! 'listify'.
* tests/cran.scm (description-alist, "description-&gt;package"): Remove use
of '@@' to access the relevant bindings.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2017-05-13 12:40:20 +0200'>2017-05-13</span></td><td><a href='/guix/commit/tests/cran.scm?id=db427602d8f993ee0025fa68d1af274aa8d69ab9'>import: cran: Robustify cran-package?.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/import/cran.scm (package-&gt;upstream-name): Return #f if url
  start and end index could not be determined.
  (cran-package?): Check if the upstream-name can be extracted from
  given package.
* tests/cran.scm: Add "r-minimal is not a cran package" to make sure that
  r-minimal is not detected as a cran package.

This fixes a failure of guix refresh on r-minimal because no
upsteam-name can be determined from ".../R-version.tar.gz" uri.
</span></span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2017-03-08 23:42:52 +0100'>2017-03-08</span></td><td><a href='/guix/commit/tests/cran.scm?id=dd420bf3430eb644b93ca224da4c0a3f5db7a42f'>tests: Avoid zero-expression 'begin' form.</a><span class='msg-avail'>...<span class='msg-tooltip'>* tests/cran.scm ("description-&gt;package"): Add body after the expected
pattern in 'match'.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2016-11-10 11:58:43 +0100'>2016-11-10</span></td><td><a href='/guix/commit/tests/cran.scm?id=324a2ba56c2f4c0d91567ed08024ae2c492f3b23'>tests: Adjust 'url-fetch' mocks to TLS changes.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is a followup to bc3c41ce36349ed4ec758c70b48a7059e363043a.

* tests/cpan.scm ("cpan-&gt;guix-package"): Add #:verify-certificate?
parameter in 'url-fetch' mock.
* tests/cran.scm ("description-&gt;package"): Likewise.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2020-01-16	import: cran: Avoid uses of '@@' in the tests....* guix/import/cran.scm (description->alist, description->package): Export. <top level>: Set! 'listify'. * tests/cran.scm (description-alist, "description->package"): Remove use of '@@' to access the relevant bindings.	Ludovic Courtès
2017-05-13	import: cran: Robustify cran-package?....* guix/import/cran.scm (package->upstream-name): Return #f if url start and end index could not be determined. (cran-package?): Check if the upstream-name can be extracted from given package. * tests/cran.scm: Add "r-minimal is not a cran package" to make sure that r-minimal is not detected as a cran package. This fixes a failure of guix refresh on r-minimal because no upsteam-name can be determined from ".../R-version.tar.gz" uri.	Mathieu Othacehe
2017-03-08	tests: Avoid zero-expression 'begin' form....* tests/cran.scm ("description->package"): Add body after the expected pattern in 'match'.	Ludovic Courtès
2016-11-10	tests: Adjust 'url-fetch' mocks to TLS changes....This is a followup to bc3c41ce36349ed4ec758c70b48a7059e363043a. * tests/cpan.scm ("cpan->guix-package"): Add #:verify-certificate? parameter in 'url-fetch' mock. * tests/cran.scm ("description->package"): Likewise.	Ludovic Courtès