--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/unzip/patches/06_CVE-2014-8139.2.patch	Wed Mar 02 10:35:32 2016 +0100
@@ -0,0 +1,160 @@
+The fix is taken from http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=454
+and should be available in next unzip release.
+
+--- unzip60/extract.c	Fri Feb 26 07:14:44 2016
++++ /home/vmarek/extract.c	Mon Feb 22 08:32:56 2016
+@@ -298,7 +298,7 @@
+ #ifndef SFX
+    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+-   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
++   static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
+      EF block length (%u bytes) invalid (< %d)\n";
+    static ZCONST char Far InvalidComprDataEAs[] =
+      " invalid compressed data for EAs\n";
+@@ -2035,16 +2035,6 @@
+               ebLen, (ef_len - EB_HEADSIZE)));
+             return PK_ERR;
+         }
+-        else if (ebLen < EB_HEADSIZE)
+-        {
+-            /* Extra block length smaller than header length. */
+-            if (uO.qflag)
+-                Info(slide, 1, ((char *)slide, "%-22s ",
+-                  FnFilter1(G.filename)));
+-            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
+-              ebLen, EB_HEADSIZE));
+-            return PK_ERR;
+-        }
+ 
+         switch (ebID) {
+             case EF_OS2:
+@@ -2171,11 +2161,19 @@
+                 }
+                 break;
+             case EF_PKVMS:
+-                if (makelong(ef+EB_HEADSIZE) !=
++                if (ebLen < 4)
++                {
++                    Info(slide, 1,
++                     ((char *)slide, LoadFarString(TooSmallEBlength),
++                     ebLen, 4));
++                }
++                else if (makelong(ef+EB_HEADSIZE) !=
+                     crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
+                           (extent)(ebLen-4)))
++                {
+                     Info(slide, 1, ((char *)slide,
+                       LoadFarString(BadCRC_EAs)));
++                }
+                 break;
+             case EF_PKW32:
+             case EF_PKUNIX:
+@@ -2230,7 +2228,7 @@
+     ulg eb_ucsize;
+     uch *eb_ucptr;
+     int r;
+-    ush method;
++    ush eb_compr_method;
+ 
+     if (compr_offset < 4)                /* field is not compressed: */
+         return PK_OK;                    /* do nothing and signal OK */
+@@ -2247,11 +2245,14 @@
+      ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
+         return IZ_EF_TRUNC;             /* no/bad compressed data! */
+ 
+-    method = makeword(eb + (EB_HEADSIZE + compr_offset));
+-    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
+-	return PK_ERR;			  /* compressed & uncompressed
+-					   * should match in STORED
+-					   * method */
++    /* 2015-02-10 Mancha(?), Michal Zalewski, Tomas Hoger, SMS.
++     * For STORE method, compressed and uncompressed sizes must agree.
++     * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
++     */
++    eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset));
++    if ((eb_compr_method == STORED) &&
++     (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
++        return PK_ERR;
+ 
+     if (
+ #ifdef INT_16BIT
+@@ -2523,10 +2524,28 @@
+     __GDEF
+     slinkentry *slnk_entry;
+ {
++    int sts;
+     extent ucsize = slnk_entry->targetlen;
+     char *linkfname = slnk_entry->fname;
+     char *linktarget = (char *)malloc(ucsize+1);
+ 
++#ifdef VMS
++    static int vms_symlink_works = -1;
++
++    if (vms_symlink_works < 0)
++    {
++        /* Test symlink() with an invalid file name.  If errno comes
++         * back ENOSYS ("Function not implemented"), then don't try to
++         * use it below on the symlink placeholder text files.
++         */
++        vms_symlink_works = symlink( "", "?");
++        if (errno == ENOSYS)
++            vms_symlink_works = 0;
++        else
++            vms_symlink_works = 1;
++    }
++#endif /* def VMS */
++
+     if (!linktarget) {
+         Info(slide, 0x201, ((char *)slide,
+           LoadFarString(SymLnkWarnNoMem), FnFilter1(linkfname)));
+@@ -2554,11 +2573,29 @@
+         return;
+     }
+     fclose(G.outfile);                  /* close "data" file for good... */
++
++#ifdef VMS
++    if (vms_symlink_works == 0)
++    {
++        /* Should we be using some UnZip error message function instead
++         * of perror() (or equivalent) for these "symlink error"
++         * messages?
++         */
++        Info(slide, 0, ((char *)slide, LoadFarString(SymLnkFinish),
++          FnFilter1(linkfname), FnFilter2(linktarget)));
++
++        fprintf( stderr, "Symlink error: %s\n", strerror( ENOSYS));
++        free(linktarget);
++        return;
++    }
++#endif /* def VMS */
++
+     unlink(linkfname);                  /* ...and delete it */
+-    if (QCOND2)
++    sts = symlink(linktarget, linkfname);       /* create the real link */
++    if (QCOND2 || (sts != 0))
+         Info(slide, 0, ((char *)slide, LoadFarString(SymLnkFinish),
+           FnFilter1(linkfname), FnFilter2(linktarget)));
+-    if (symlink(linktarget, linkfname))  /* create the real link */
++    if (sts != 0)
+         perror("symlink error");
+     free(linktarget);
+ #ifdef SET_SYMLINK_ATTRIBS
+@@ -2652,7 +2689,7 @@
+ #endif /* ?HAVE_WORKING_ISPRINT */
+         } else {
+ #ifdef _MBCS
+-            unsigned i = CLEN(r);
++            extent i = CLEN(r);
+             if (se != NULL && (s > (space + (size-i-2)))) {
+                 have_overflow = TRUE;
+                 break;
+@@ -2835,7 +2872,7 @@
+ #endif
+ 
+     G.inptr = (uch *)bstrm.next_in;
+-    G.incnt = (G.inbuf + INBUFSIZ) - G.inptr;  /* reset for other routines */
++    G.incnt = (int)((G.inbuf + INBUFSIZ) - G.inptr);  /* Reset for others. */
+ 
+ uzbunzip_cleanup_exit:
+     err = BZ2_bzDecompressEnd(&bstrm);