There's a merged pull request on the void-packages repository

unzip: sync patches from Fedora etc.
https://github.com/void-linux/void-packages/pull/41269

Description:
Sync a number of (CVE-related) patches from other distros:

unzip-zipbomb-part{4,5,6}.patch: Fedora
CVE-2021-4217.patch: Archlinux
CVE-2022-0529.patch,CVE-2022-0530.patch: Ubuntu

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **briefly**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)