Fix CVE-2017-16844:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511

Patch copied from Debian procmail package 3.22-26:

http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz

From: Santiago Vila <sanvila@debian.org>
Subject: Fix heap-based buffer overflow in loadbuf()
Bug-Debian: http://bugs.debian.org/876511
X-Debian-version: 3.22-26

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -103,7 +103,7 @@
 }
 							    /* append to buf */
 void loadbuf(text,len)const char*const text;const size_t len;
-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
+{ while(buffilled+len>buflen)			  /* buf can't hold the text */
      buf=realloc(buf,buflen+=Bsize);
   tmemmove(buf+buffilled,text,len);buffilled+=len;
 }
s</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=d6fcc67de59ab5406348bf4fc206c9be82858f06'>refs</a><a class='active' href='/guix/log/gnu/packages.scm'>log</a><a href='/guix/tree/gnu/packages.scm?id=d6fcc67de59ab5406348bf4fc206c9be82858f06'>tree</a><a href='/guix/commit/gnu/packages.scm?id=d6fcc67de59ab5406348bf4fc206c9be82858f06'>commit</a><a href='/guix/diff/gnu/packages.scm?id=d6fcc67de59ab5406348bf4fc206c9be82858f06'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages.scm'>
<input type='hidden' name='id' value='d6fcc67de59ab5406348bf4fc206c9be82858f06'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=d6fcc67de59ab5406348bf4fc206c9be82858f06'>root</a>/<a href='/guix/log/gnu?id=d6fcc67de59ab5406348bf4fc206c9be82858f06'>gnu</a>/<a href='/guix/log/gnu/packages.scm?id=d6fcc67de59ab5406348bf4fc206c9be82858f06'>packages.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages.scm?id=d6fcc67de59ab5406348bf4fc206c9be82858f06&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-07-30 19:17:20 +0200'>2020-07-30</span></td><td><a href='/guix/commit/gnu/packages.scm?id=a127e52f601ee73f675d5d28eac2388bb1ad11b0'>packages: 'generate-package-cache' is deterministic.</a><span class='msg-avail'>...<span class='msg-tooltip'>Fixes &lt;https://bugs.gnu.org/42009&gt;.
Reported by Marinus &lt;marinus.savoritias@disroot.org&gt;.

* gnu/packages.scm (generate-package-cache)[entry-key, entry&lt;?]
[variables]: New variables.
[expand-cache]: Change to take two arguments.
[exp]: Fold over VARIABLES.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-07-25 19:11:37 +0200'>2020-07-25</span></td><td><a href='/guix/commit/gnu/packages.scm?id=d51bfe242fbe6f3f8f71d723e8fe0c7bbe711ba1'>Use 'formatted-message' instead of '&amp;message' where appropriate.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu.scm (%try-use-modules): Use 'formatted-message' instead of
'&amp;message'.
* gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error):
Likewise.
* gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise.
(machine-check-building-for-appropriate-system): Likewise.
(deploy-managed-host): Likewise.
(maybe-raise-unsupported-configuration-error): Likewise.
* gnu/packages.scm (search-patch): Likewise.
* gnu/services.scm (%service-with-default-value): Likewise.
(files-&gt;etc-directory): Likewise.
(fold-services): Likewise.
* gnu/system.scm (locale-name-&gt;definition*): Likewise.
* gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise.
(check-luks-device): Likewise.
* guix/channels.scm (latest-channel-instance): Likewise.
* guix/cve.scm (json-&gt;cve-items): Likewise.
* guix/git-authenticate.scm (commit-signing-key): Likewise.
(commit-authorized-keys): Likewise.
(authenticate-commit): Likewise.
(verify-introductory-commit): Likewise.
* guix/remote.scm (remote-pipe-for-gexp): Likewise.
* guix/scripts/graph.scm (assert-package): Likewise.
* guix/scripts/offload.scm (private-key-from-file*): Likewise.
* guix/ssh.scm (authenticate-server*): Likewise.
(open-ssh-session): Likewise.
(remote-inferior): Likewise.
* guix/ui.scm (matching-generations): Likewise.
* guix/upstream.scm (package-update): Likewise.
* tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"):
Catch 'formatted-message?'.
("authenticate-channel, wrong first commit signer"): Likewise.
* tests/lint.scm ("patches: not found"): Adjust message string.
* tests/packages.scm ("patch not found yields a run-time error"): Catch
'formatted-message?'.
* guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'.
(check-derivation): Ditto.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2020-07-30	packages: 'generate-package-cache' is deterministic....Fixes <https://bugs.gnu.org/42009>. Reported by Marinus <marinus.savoritias@disroot.org>. * gnu/packages.scm (generate-package-cache)[entry-key, entry<?] [variables]: New variables. [expand-cache]: Change to take two arguments. [exp]: Fold over VARIABLES.	Ludovic Courtès
2020-07-25	Use 'formatted-message' instead of '&message' where appropriate....* gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise. * gnu/packages.scm (search-patch): Likewise. * gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise. * gnu/system.scm (locale-name->definition): Likewise. gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise. * guix/channels.scm (latest-channel-instance): Likewise. * guix/cve.scm (json->cve-items): Likewise. * guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise. * guix/remote.scm (remote-pipe-for-gexp): Likewise. * guix/scripts/graph.scm (assert-package): Likewise. * guix/scripts/offload.scm (private-key-from-file): Likewise. guix/ssh.scm (authenticate-server): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise. guix/ui.scm (matching-generations): Likewise. * guix/upstream.scm (package-update): Likewise. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto.	Ludovic Courtès