diff --git a/archivers/lha/Makefile b/archivers/lha/Makefile
index 2efac1f1c56..dfa4ddd6d88 100644
--- a/archivers/lha/Makefile
+++ b/archivers/lha/Makefile
@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.32 2013/03/10 22:28:04 espie Exp $
+# $OpenBSD: Makefile,v 1.33 2016/01/27 13:36:35 jasper Exp $
 COMMENT= archive files using LZW compression (.lzh files)
 DISTNAME= lha-1.14i-ac20050924p1
 PKGNAME= lha-1.14i.ac20050924.1
+REVISION= 0
 CATEGORIES= archivers
 HOMEPAGE= http://lha.sourceforge.jp/
diff --git a/archivers/lha/patches/patch-src_header_c b/archivers/lha/patches/patch-src_header_c
new file mode 100644
index 00000000000..35a650377ef
--- /dev/null
+++ b/archivers/lha/patches/patch-src_header_c
@@ -0,0 +1,62 @@
+$OpenBSD: patch-src_header_c,v 1.3 2016/01/27 13:36:35 jasper Exp $
+
+Security fix for CVE-2016-1925
+http://seclists.org/oss-sec/2016/q1/132
+https://osdn.jp/projects/lha/scm/git/lha/commits/bf2471f
+
+--- src/header.c.orig Wed Jan 27 14:31:45 2016
++++ src/header.c Wed Jan 27 14:34:05 2016
+@@ -688,6 +688,7 @@ get_header_level0(fp, hdr, data)
+ char *data;
+ {
+ size_t header_size;
++ ssize_t remain_size;
+ ssize_t extend_size;
+ int checksum;
+ int name_length;
+@@ -697,9 +698,15 @@ get_header_level0(fp, hdr, data)
+ hdr->header_size = header_size = get_byte();
+ checksum = get_byte();
+
+- if (fread(data + COMMON_HEADER_SIZE,
+- header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) {
+- error("Invalid header (LHarc file ?)");
++ /* The data variable has been already read as COMMON_HEADER_SIZE bytes.
++ So we must read the remaining header size by the header_size. */
++ remain_size = header_size + 2 - COMMON_HEADER_SIZE;
++ if (remain_size <= 0) {
++ error("Invalid header size (LHarc file ?)");
++ return FALSE;
++ }
++ if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) {
++ error("Invalid header (LHarc file ?)");
+ return FALSE; /* finish */
+ }
+
+@@ -804,6 +811,7 @@ get_header_level1(fp, hdr, data)
+ char *data;
+ {
+ size_t header_size;
++ ssize_t remain_size;
+ ssize_t extend_size;
+ int checksum;
+ int name_length;
+@@ -813,9 +821,15 @@ get_header_level1(fp, hdr, data)
+ hdr->header_size = header_size = get_byte();
+ checksum = get_byte();
+
+- if (fread(data + COMMON_HEADER_SIZE,
+- header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) {
+- error("Invalid header (LHarc file ?)");
++ /* The data variable has been already read as COMMON_HEADER_SIZE bytes.
++ So we must read the remaining header size by the header_size. */
++ remain_size = header_size + 2 - COMMON_HEADER_SIZE;
++ if (remain_size <= 0) {
++ error("Invalid header size (LHarc file ?)");
++ return FALSE;
++ }
++ if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) {
++ error("Invalid header (LHarc file ?)");
+ return FALSE; /* finish */
+ }
+
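Review bot: The new `remain_size <= 0` guard in get_header_level0 (and the identical one in get_header_level1) only fires because `header_size + 2 - COMMON_HEADER_SIZE` is computed in `size_t`, wraps, and is then converted to `ssize_t`, a conversion that is implementation-defined for out-of-range values. Comparing before subtracting removes that dependence: `if (header_size + 2 <= COMMON_HEADER_SIZE) { error("Invalid header size (LHarc file ?)"); return FALSE; }`, after which `remain_size` can stay unsigned. The patch bounds the read from below only; the upper bound appears to rest on header_size coming from a single get_byte() and on the caller's `data` buffer being large enough, neither of which is visible in these hunks, so a short comment stating that assumption next to the fread would help. Both function bodies continue outside the hunks, and since this file mirrors the referenced upstream commit, a change like this is probably better proposed upstream than carried only in the port.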