Fix CVE-2020-10595:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10595

Patch copied from upstream advisory:

https://seclists.org/oss-sec/2020/q1/128

diff --git a/prompting.c b/prompting.c
index e985d95..d81054f 100644
--- a/prompting.c
+++ b/prompting.c
@@ -314,26 +314,27 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name,
     /*
      * Reuse pam_prompts as a starting index and copy the data into the reply
      * area of the krb5_prompt structs.
      */
     pam_prompts = 0;
     if (name != NULL && !args->silent)
         pam_prompts++;
     if (banner != NULL && !args->silent)
         pam_prompts++;
     for (i = 0; i < num_prompts; i++, pam_prompts++) {
-        size_t len;
+        size_t len, allowed;

         if (resp[pam_prompts].resp == NULL)
             goto cleanup;
         len = strlen(resp[pam_prompts].resp);
-        if (len > prompts[i].reply->length)
+        allowed = prompts[i].reply->length;
+        if (allowed == 0 || len > allowed - 1)
             goto cleanup;

         /*
          * The trailing nul is not included in length, but other applications
          * expect it to be there.  Therefore, we copy one more byte than the
          * actual length of the password, but set length to just the length of
          * the password.
          */
         memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len + 1);
         prompts[i].reply->length = (unsigned int) len;
4f8d5e63b2f83fc0b9297e874f03c8424303b488'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/python.scm'>
<input type='hidden' name='id' value='4f8d5e63b2f83fc0b9297e874f03c8424303b488'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=4f8d5e63b2f83fc0b9297e874f03c8424303b488'>root</a>/<a href='/guix/log/gnu?id=4f8d5e63b2f83fc0b9297e874f03c8424303b488'>gnu</a>/<a href='/guix/log/gnu/packages?id=4f8d5e63b2f83fc0b9297e874f03c8424303b488'>packages</a>/<a href='/guix/log/gnu/packages/python.scm?id=4f8d5e63b2f83fc0b9297e874f03c8424303b488'>python.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/python.scm?id=4f8d5e63b2f83fc0b9297e874f03c8424303b488&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-12-21 23:42:10 +0100'>2020-12-21</span></td><td><a href='/guix/commit/gnu/packages/python.scm?id=bbe4ed65ed5fe7dc8ed9d226042852387cee3b1e'>Merge branch 'master' into ungrafting</a></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-12-14 10:34:31 +0100'>2020-12-14</span></td><td><a href='/guix/commit/gnu/packages/python.scm?id=5fe87ef51c0b6c41ad8f53579f0fd515f0ab059e'>gnu: Add python-3.9.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/python.scm (python-3.9): New variable.
* gnu/packages/patches/python-3.9-fix-tests.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Tanguy Le Carrour</td></tr>
<tr><td><span title='2020-12-08 22:57:53 +0100'>2020-12-08</span></td><td><a href='/guix/commit/gnu/packages/python.scm?id=f936a300b48955faecce028ac9ac509b1b83906c'>gnu: Python: Fix CVE-2020-26116.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/patches/python-CVE-2020-26116.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/python.scm (python-3.8)[source](patches): Add it.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-10-26 15:53:37 +0100'>2020-10-26</span></td><td><a href='/guix/commit/gnu/packages/python.scm?id=e6320ba20404d4a6d81e42f96c3792b7122871b0'>gnu: python: Disable failing tests for the Hurd.</a><span class='msg-avail'>...<span class='msg-tooltip'>Fixes &lt;https://bugs.gnu.org/43860&gt;.

* gnu/packages/python.scm (python-3.8)[arguments]: When building for the Hurd,
disable more tests.
</span></span></td><td>Jan (janneke) Nieuwenhuizen</td></tr>
<tr><td><span title='2020-09-29 12:16:20 +0200'>2020-09-29</span></td><td><a href='/guix/commit/gnu/packages/python.scm?id=7806e568f6c61b97660e91f4f97dfbb9e81b9e06'>gnu: micropython: Update to 1.13.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/python.scm (micropython): Update to 1.13.
</span></span></td><td>Nicolas Goaziou</td></tr>
<tr><td><span title='2020-09-14 10:35:05 +0200'>2020-09-14</span></td><td><a href='/guix/commit/gnu/packages/python.scm?id=24244f3fbff8cd107162803ab9c4392912ce6546'>gnu: python-wrapper: Mention pip in description.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/python.scm (python-wrapper)[description]: Mention that `pip'
won't work properly if both python and python-wrapper are installed.
</span></span></td><td>Pierre Neidhardt</td></tr>