Update libzip to 1.3.0.
It includes the fix for CVE-2017-14107 (landed separately in r450768) as well
as a fix for CVE-2017-12858, which did not affect us due to the fact that the
vulnerability was introduced in 1.2.0.
libzip.so's SOVERSION got bumped after the removal of the undocumented function
zip_archive_set_tempdir(). All ports depending on libzip continue to build fine
Submitted by: Dani <email@example.com>
Add a patch for CVE-2017-14107.
This is a minor security vulnerability that can lead to a denial of service
issue in libzip when a specially crafted archive is used.