system/unzip: change upstream to Debian (#123)

Debian's patches close several CVEs, including a few of which I wasn't
even aware. They also include the patches we were already carrying:

These were plucked directly from Debian so the names are the same:
10-unzip-handle-pkware-verify.patch
20-unzip-uidgid-fix.patch

Our unzip-6.0-heap-overflow-infloop.patch is covered by Debian's:
14-cve-2015-7696.patch
15-cve-2015-7697.patch
16-fix-integer-underflow-csiz-decrypted.patch

1 files changed, 0 insertions, 29 deletions

diff --git a/system/unzip/20-unzip-uidgid-fix.patch b/system/unzip/20-unzip-uidgid-fix.patch
deleted file mode 100644
index 3a308990e..000000000
--- a/system/unzip/20-unzip-uidgid-fix.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: sms
-Subject: Restore uid and gid information when requested
-Bug-Debian: http://bugs.debian.org/689212
-X-Debian-version: 6.0-8
-
---- a/process.c
-+++ b/process.c
-@@ -2904,7 +2904,7 @@
- #ifdef IZ_HAVE_UXUIDGID
-             if (eb_len >= EB_UX3_MINLEN
-                 && z_uidgid != NULL
--                && (*((EB_HEADSIZE + 0) + ef_buf) == 1)
-+                && (*((EB_HEADSIZE + 0) + ef_buf) == 1))
-                     /* only know about version 1 */
-             {
-                 uch uid_size;
-@@ -2916,10 +2916,10 @@
-                 flags &= ~0x0ff;      /* ignore any previous UNIX field */
- 
-                 if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf,
--                                    uid_size, z_uidgid[0])
-+                                    uid_size, &z_uidgid[0])
-                     &&
-                      read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf,
--                                    gid_size, z_uidgid[1]) )
-+                                    gid_size, &z_uidgid[1]) )
-                 {
-                     flags |= EB_UX2_VALID;   /* signal success */
-                 }