Fix CVE-2017-16844:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511

Patch copied from Debian procmail package 3.22-26:

http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz

From: Santiago Vila <sanvila@debian.org>
Subject: Fix heap-based buffer overflow in loadbuf()
Bug-Debian: http://bugs.debian.org/876511
X-Debian-version: 3.22-26

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -103,7 +103,7 @@
 }
 							    /* append to buf */
 void loadbuf(text,len)const char*const text;const size_t len;
-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
+{ while(buffilled+len>buflen)			  /* buf can't hold the text */
      buf=realloc(buf,buflen+=Bsize);
   tmemmove(buf+buffilled,text,len);buffilled+=len;
 }
n>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=09f0c45d577d12c1adcb4be326c3bf8367d47739'>refs</a><a class='active' href='/guix/log/gnu/local.mk'>log</a><a href='/guix/tree/gnu/local.mk?id=09f0c45d577d12c1adcb4be326c3bf8367d47739'>tree</a><a href='/guix/commit/gnu/local.mk?id=09f0c45d577d12c1adcb4be326c3bf8367d47739'>commit</a><a href='/guix/diff/gnu/local.mk?id=09f0c45d577d12c1adcb4be326c3bf8367d47739'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/local.mk'>
<input type='hidden' name='id' value='09f0c45d577d12c1adcb4be326c3bf8367d47739'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=09f0c45d577d12c1adcb4be326c3bf8367d47739'>root</a>/<a href='/guix/log/gnu?id=09f0c45d577d12c1adcb4be326c3bf8367d47739'>gnu</a>/<a href='/guix/log/gnu/local.mk?id=09f0c45d577d12c1adcb4be326c3bf8367d47739'>local.mk</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/local.mk?id=09f0c45d577d12c1adcb4be326c3bf8367d47739&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2019-04-10 17:09:47 +0200'>2019-04-10</span></td><td><a href='/guix/commit/gnu/local.mk?id=3e4e74c10ec1bf57ffcaed987b75127382908697'>gnu: kodi: Allow connecting to HTTPS sources.</a><span class='msg-avail'>...</span></td><td>Carlo Zancanaro</td></tr>
<tr><td><span title='2019-04-08 21:48:21 +0300'>2019-04-08</span></td><td><a href='/guix/commit/gnu/local.mk?id=4994174fa0234ecb35b181d1d0cca209be1c4323'>gnu: libopenshot: Update to 0.2.3.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2019-04-07 21:10:26 +0300'>2019-04-07</span></td><td><a href='/guix/commit/gnu/local.mk?id=8a3bb34c5e9aa4bc2042da8541e6cb74de7066f7'>gnu: lcms: Fix CVE-2018-16435.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2019-04-05 18:44:05 +0300'>2019-04-05</span></td><td><a href='/guix/commit/gnu/local.mk?id=3dbd240937a7fb4322db21bc1bf6189a1a512223'>gnu: Add emacs-undohist-el.</a><span class='msg-avail'>...</span></td><td>Brian Leung</td></tr>
<tr><td><span title='2019-04-05 15:39:35 +0200'>2019-04-05</span></td><td><a href='/guix/commit/gnu/local.mk?id=f63861b5a61b2a9d2c17dbf88b24b5e8f0c5c111'>gnu: Add localed, extracted from systemd.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-04-05 09:50:07 +0300'>2019-04-05</span></td><td><a href='/guix/commit/gnu/local.mk?id=2beca2a55c76ed56bcc6b718bd807126e904dee1'>gnu: flac: Fix CVE-2017-6888.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2019-04-05 06:25:24 +0200'>2019-04-05</span></td><td><a href='/guix/commit/gnu/local.mk?id=9859800f5df8827ad7dba6acf32888fa5dc41442'>gnu: ledger: Update to 3.1.3.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2019-04-04 17:47:02 +0200'>2019-04-04</span></td><td><a href='/guix/commit/gnu/local.mk?id=aff0cce9175aaf836dd78941eb17549e3bfa7188'>gnu: Move nss &amp; co. to nss.scm.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-04-04 17:47:01 +0200'>2019-04-04</span></td><td><a href='/guix/commit/gnu/local.mk?id=804744b338455b0ab8775351f757427047314139'>gnu: Add (gnu packages haskell-apps).</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-04-04 17:47:01 +0200'>2019-04-04</span></td><td><a href='/guix/commit/gnu/local.mk?id=a7ad4505b7a09f32e2727a333e11716739efb713'>build: Always ship the (gnu installer …) modules.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-04-03 18:31:59 -0400'>2019-04-03</span></td><td><a href='/guix/commit/gnu/local.mk?id=6d01a7f4c45716e72bab1231c4cb8c07e4e3fbd7'>gnu: ntfs-3g: Fix CVE-2019-9755.</a><span class='msg-avail'>...</span></td><td>Leo Famulari</td></tr>
<tr><td><span title='2019-04-03 18:21:42 +0200'>2019-04-03</span></td><td><a href='/guix/commit/gnu/local.mk?id=96c90474c0cbfe88d1dccb9cb52a0f1b3a1505e7'>gnu: Add configuration for depthcharge bootloader.</a><span class='msg-avail'>...</span></td><td>Timothy Sample</td></tr>
<tr><td><span title='2019-03-31 23:32:47 +0200'>2019-03-31</span></td><td><a href='/guix/commit/gnu/local.mk?id=f125c5a5ea03d53749f45d310694b79241d5888d'>gnu: emacs-zones: silence byte-compiler.</a><span class='msg-avail'>...</span></td><td>Brian Leung</td></tr>

Age	Commit message (Expand)	Author
2019-04-10	gnu: kodi: Allow connecting to HTTPS sources....	Carlo Zancanaro
2019-04-08	gnu: libopenshot: Update to 0.2.3....	Efraim Flashner
2019-04-07	gnu: lcms: Fix CVE-2018-16435....	Efraim Flashner
2019-04-05	gnu: Add emacs-undohist-el....	Brian Leung
2019-04-05	gnu: Add localed, extracted from systemd....	Ludovic Courtès
2019-04-05	gnu: flac: Fix CVE-2017-6888....	Efraim Flashner
2019-04-05	gnu: ledger: Update to 3.1.3....	Tobias Geerinckx-Rice
2019-04-04	gnu: Move nss & co. to nss.scm....	Ludovic Courtès
2019-04-04	gnu: Add (gnu packages haskell-apps)....	Ludovic Courtès
2019-04-04	build: Always ship the (gnu installer …) modules....	Ludovic Courtès
2019-04-03	gnu: ntfs-3g: Fix CVE-2019-9755....	Leo Famulari
2019-04-03	gnu: Add configuration for depthcharge bootloader....	Timothy Sample
2019-03-31	gnu: emacs-zones: silence byte-compiler....	Brian Leung