Fix CVE-2016-6318. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 Patch copied from Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6318 https://bugzilla.redhat.com/attachment.cgi?id=1188599&action=diff It is not safe to pass words longer than STRINGSIZE further to cracklib so the longbuffer cannot be longer than STRINGSIZE.
diff -up cracklib-2.9.0/lib/fascist.c.longgecos cracklib-2.9.0/lib/fascist.c
--- cracklib-2.9.0/lib/fascist.c.longgecos 2014-02-06 16:03:59.000000000 +0100
+++ cracklib-2.9.0/lib/fascist.c 2016-08-08 12:05:40.279235815 +0200
@@ -515,7 +515,7 @@ FascistGecosUser(char *password, const c
 char gbuffer[STRINGSIZE];
 char tbuffer[STRINGSIZE];
 char *uwords[STRINGSIZE];
- char longbuffer[STRINGSIZE * 2];
+ char longbuffer[STRINGSIZE];
 
 if (gecos == NULL)
 gecos = "";
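Review bot: The shrunk `longbuffer[STRINGSIZE]` declaration carries no hint that every later write into it now depends on the strlen() guards added further down in the same function, so a future edit that appends another concatenation could reintroduce the overflow this patch closes. A comment on the declaration would make that invariant visible: `char longbuffer[STRINGSIZE]; /* never grow this: GTry() must not see words longer than STRINGSIZE, so every strcpy/strcat into it is length-checked first */`. FascistGecosUser begins before this hunk and continues after it.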
@@ -596,38 +596,47 @@ FascistGecosUser(char *password, const c
 {
 for (i = 0; i < j; i++)
 {
- strcpy(longbuffer, uwords[i]);
- strcat(longbuffer, uwords[j]);
-
- if (GTry(longbuffer, password))
+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
 {
- return _("it is derived from your password entry");
- }
-
- strcpy(longbuffer, uwords[j]);
- strcat(longbuffer, uwords[i]);
+ strcpy(longbuffer, uwords[i]);
+ strcat(longbuffer, uwords[j]);
 
- if (GTry(longbuffer, password))
- {
- return _("it's derived from your password entry");
+ if (GTry(longbuffer, password))
+ {
+ return _("it is derived from your password entry");
+ }
+
+ strcpy(longbuffer, uwords[j]);
+ strcat(longbuffer, uwords[i]);
+
+ if (GTry(longbuffer, password))
+ {
+ return _("it's derived from your password entry");
+ }
 }
 
- longbuffer[0] = uwords[i][0];
- longbuffer[1] = '\0';
- strcat(longbuffer, uwords[j]);
-
- if (GTry(longbuffer, password))
+ if (strlen(uwords[j]) < STRINGSIZE - 1)
 {
- return _("it is derivable from your password entry");
+ longbuffer[0] = uwords[i][0];
+ longbuffer[1] = '\0';
+ strcat(longbuffer, uwords[j]);
+
+ if (GTry(longbuffer, password))
+ {
+ return _("it is derivable from your password entry");
+ }
 }
 
- longbuffer[0] = uwords[j][0];
- longbuffer[1] = '\0';
- strcat(longbuffer, uwords[i]);
-
- if (GTry(longbuffer, password))
+ if (strlen(uwords[i]) < STRINGSIZE - 1)
 {
- return _("it's derivable from your password entry");
+ longbuffer[0] = uwords[j][0];
+ longbuffer[1] = '\0';
+ strcat(longbuffer, uwords[i]);
+
+ if (GTry(longbuffer, password))
+ {
+ return _("it's derivable from your password entry");
+ }
 }
 }
 }
09-04Update mailmap....Marius Bakke 2021-07-27Update mailmap....Leo Famulari 2021-07-08mailmap: Update entries for Matthew James Kraai....Matthew James Kraai 2021-06-23gnu: Add Sollya....Eric Bavier 2021-04-21Update email address for Kei....Kei Kebreau 2020-05-15mailmap: Update for self....Mathieu Othacehe 2020-05-13mailmap: Update entries for Nikita....nikita 
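Review bot: The three new guards recompute strlen() on uwords[i] and uwords[j] on every inner iteration (`strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE`, then `strlen(uwords[j]) < STRINGSIZE - 1`, then `strlen(uwords[i]) < STRINGSIZE - 1`), which both repeats work and scatters the bound arithmetic that the safety of longbuffer now rests on; computing `size_t li = strlen(uwords[i]);` and `size_t lj = strlen(uwords[j]);` once at the top of the loop body and comparing `li + lj`, `lj` and `li` keeps the three bounds next to each other where they can be checked against the buffer size in one glance. The bounds themselves look correct as written: the pair check leaves one byte for the terminator, and the initial-plus-word checks leave room for the leading character and the terminator. The guards also change behaviour silently, since an over-long GECOS word now skips these derived-word tests instead of ever reaching GTry(), and that deserves a comment on the first guard, for example `/* words that would not fit longbuffer are skipped, not rejected: GTry() must not see more than STRINGSIZE bytes */`, so the skip is not later mistaken for a missed check. FascistGecosUser begins before this hunk.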