Fix CVE-2020-10595: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10595 Patch copied from upstream advisory: https://seclists.org/oss-sec/2020/q1/128 diff --git a/prompting.c b/prompting.c index e985d95..d81054f 100644 --- a/prompting.c +++ b/prompting.c @@ -314,26 +314,27 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name, /* * Reuse pam_prompts as a starting index and copy the data into the reply * area of the krb5_prompt structs. */ pam_prompts = 0; if (name != NULL && !args->silent) pam_prompts++; if (banner != NULL && !args->silent) pam_prompts++; for (i = 0; i < num_prompts; i++, pam_prompts++) { - size_t len; + size_t len, allowed; if (resp[pam_prompts].resp == NULL) goto cleanup; len = strlen(resp[pam_prompts].resp); - if (len > prompts[i].reply->length) + allowed = prompts[i].reply->length; + if (allowed == 0 || len > allowed - 1) goto cleanup; /* * The trailing nul is not included in length, but other applications * expect it to be there. Therefore, we copy one more byte than the * actual length of the password, but set length to just the length of * the password. */ memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len + 1); prompts[i].reply->length = (unsigned int) len;
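Review bot: The new length check inside the for loop, `allowed == 0 || len > allowed - 1`, can be written as `len >= allowed`, which rejects exactly the same inputs (a zero-length reply buffer included) without the subtraction that the `allowed == 0` guard is there to protect. Because the patch is copied from the upstream advisory, keeping it identical to upstream is a reasonable choice, but the check itself carries no comment: a one-line note that `reply->length` is treated here as the size of the `reply->data` buffer and that the `memcpy` below copies `len + 1` bytes would tie the check to the existing comment about the trailing nul and make the off-by-one being fixed obvious to the next reader.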
path: root/gnu/packages/nss.scm

| Age | Commit message | Author |
| --- | --- | --- |
| 2019-08-06 | gnu: nss: Fix build failure on armhf-linux. Fixes <https://bugs.gnu.org/36930>. * gnu/packages/patches/nss-freebl-stubs.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/nss.scm (nss)[source](patches): Add it. | Marius Bakke |
| 2019-08-04 | gnu: nss, nss-certs: Update to 3.45. * gnu/packages/certs.scm (nss-certs): Update to 3.45. * gnu/packages/nss.scm (nss): Likewise. | Marius Bakke |
| 2019-06-29 | gnu: nss, nss-certs: Update to 3.44.1. * gnu/packages/certs.scm (nss-certs): Update to 3.44.1. * gnu/packages/nss.scm (nss): Likewise. | Marius Bakke |
| 2019-05-24 | gnu: nss, nss-certs: Update to 3.44. * gnu/packages/nss.scm (nss): Update to 3.44. * gnu/packages/certs.scm (nss-certs): Likewise. | Marius Bakke |
| 2019-04-08 | Merge branch 'master' into staging | Marius Bakke |
| 2019-04-04 | gnu: Move nss & co. to nss.scm. * gnu/packages/gnuzilla.scm (nspr, nss): Move to... * gnu/packages/nss.scm: ... here. New file. * gnu/packages/chromium.scm, gnu/packages/disk.scm, gnu/packages/freedesktop.scm, gnu/packages/gnome.scm, gnu/packages/gnunet.scm, gnu/packages/java.scm, gnu/packages/libreoffice.scm, gnu/packages/linux.scm, gnu/packages/mate.scm, gnu/packages/openldap.scm, gnu/packages/package-management.scm, gnu/packages/password-utils.scm, gnu/packages/polkit.scm, gnu/packages/qt.scm, gnu/packages/sssd.scm, gnu/packages/storage.scm, gnu/packages/vpn.scm, gnu/packages/web.scm, gnu/packages/xml.scm: Adjust accordingly. * gnu/local.mk (GNU_SYSTEM_MODULES): Add nss.scm. | Ludovic Courtès |