Fix CVE-2017-16844:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511

Patch copied from Debian procmail package 3.22-26:

http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz

From: Santiago Vila <sanvila@debian.org>
Subject: Fix heap-based buffer overflow in loadbuf()
Bug-Debian: http://bugs.debian.org/876511
X-Debian-version: 3.22-26

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -103,7 +103,7 @@
 }
 							    /* append to buf */
 void loadbuf(text,len)const char*const text;const size_t len;
-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
+{ while(buffilled+len>buflen)			  /* buf can't hold the text */
      buf=realloc(buf,buflen+=Bsize);
   tmemmove(buf+buffilled,text,len);buffilled+=len;
 }
oszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4'>refs</a><a class='active' href='/guix/log/gnu/system/linux-container.scm'>log</a><a href='/guix/tree/gnu/system/linux-container.scm?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4'>tree</a><a href='/guix/commit/gnu/system/linux-container.scm?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4'>commit</a><a href='/guix/diff/gnu/system/linux-container.scm?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/system/linux-container.scm'>
<input type='hidden' name='id' value='0be51fe03bf2b8f3ef009929fa0860e17aa15de4'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4'>root</a>/<a href='/guix/log/gnu?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4'>gnu</a>/<a href='/guix/log/gnu/system?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4'>system</a>/<a href='/guix/log/gnu/system/linux-container.scm?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4'>linux-container.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/system/linux-container.scm?id=0be51fe03bf2b8f3ef009929fa0860e17aa15de4&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-06-24 16:13:05 +0200'>2023-06-24</span></td><td><a href='/guix/commit/gnu/system/linux-container.scm?id=ed5a9f5260666679289c3d20d5068e374084a50c'>linux-container: Pass '--disable-chroot' to 'guix-daemon'.</a><span class='msg-avail'>...<span class='msg-tooltip'>This allows for the use of Guix within a non-privileged Docker container
produced by 'guix system image -t docker'.

* gnu/system/linux-container.scm (containerized-operating-system):
Change 'guix-configuration' to add "--disable-chroot".
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2023-06-09 18:15:07 +0200'>2023-06-09</span></td><td><a href='/guix/commit/gnu/system/linux-container.scm?id=44bbfc24e4bcc48d0e3343cd3d83452721af8c36'>linux-container: Adjust to 'modify-services' semantic change.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is a followup to dbbc7e946131ba257728f1d05b96c4339b7ee88b:
'nscd-service-type' isn't necessarily present in OS, so we cannot use
the 'modify-services' as it would now error out.  This was happening
with the "guix system docker-image" test in 'tests/guix-system.sh'.

* gnu/system/linux-container.scm (containerized-operating-system): Use
'filter-map' instead of 'remove' + 'modify-services'.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2023-03-26 14:15:16 +0100'>2023-03-26</span></td><td><a href='/guix/commit/gnu/system/linux-container.scm?id=42fbe62d52a82d1003c3d7039d3c4a46806c5cee'>linux-container: Remove hosts-service-type when network is shared.</a><span class='msg-avail'>...<span class='msg-tooltip'>Fixes &lt;https://issues.guix.gnu.org/61627&gt;.

* gnu/system/linux-container.scm (container-essential-services): When
shared-network? is true, remove the hosts-service-type service kind.
</span></span></td><td>Pierre Langlois</td></tr>
<tr><td><span title='2022-12-01 19:52:13 +0100'>2022-12-01</span></td><td><a href='/guix/commit/gnu/system/linux-container.scm?id=1a63aea94340f6a24ac09e1c348401e9dfd05395'>linux-container: Do not replace nscd-service-type.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/system/linux-container.scm (containerized-operating-system): Respect
customizations to the nscd-service-type and only modify the caches field.
</span></span></td><td>Ricardo Wurmus</td></tr>