zlib/minizip: Update to version 1.2.13, remove zlib from freetype

Security update, fixes CVE-2022-37434 in zlib. Only applications exposing/using `inflateGetHeader()` seem to be affected, which is not our case, so this is not critical for Godot. Remove duplicated copy of zlib in freetype sources to force using the updated version in `thirdparty/zlib/`. Co-authored-by: Rémi Verschelde <rverschelde@gmail.com> (cherry picked from commit 93409b8e64)
2022-11-30 11:16:31 -03:00
parent 456cdf84c1
commit a49fa86cca
43 changed files with 317 additions and 16985 deletions
--- a/thirdparty/minizip/MiniZip64_info.txt
+++ b/thirdparty/minizip/MiniZip64_info.txt
--- a/thirdparty/minizip/crypt.h
+++ b/thirdparty/minizip/crypt.h
@ -85,7 +85,7 @@ static void init_keys(const char* passwd,unsigned long* pkeys,const z_crc_t* pcr
 #define RAND_HEAD_LEN  12
   /* "last resort" source for second part of crypt seed pattern */
 #  ifndef ZCR_SEED2
-#    define ZCR_SEED2 3141592654L       /* use PI as default pattern */
+#    define ZCR_SEED2 3141592654UL      /* use PI as default pattern */
 #  endif

 static unsigned crypthead(const char* passwd,       /* password string */
--- a/thirdparty/minizip/ioapi.c
+++ b/thirdparty/minizip/ioapi.c
@ -101,9 +101,9 @@ static int     ZCALLBACK ferror_file_func OF((voidpf opaque, voidpf stream));

 static voidpf ZCALLBACK fopen_file_func (voidpf opaque, const char* filename, int mode)
 {
-    (void)opaque;
    FILE* file = NULL;
    const char* mode_fopen = NULL;
+    (void)opaque;
    if ((mode & ZLIB_FILEFUNC_MODE_READWRITEFILTER)==ZLIB_FILEFUNC_MODE_READ)
        mode_fopen = "rb";
    else
@ -120,9 +120,9 @@ static voidpf ZCALLBACK fopen_file_func (voidpf opaque, const char* filename, in

 static voidpf ZCALLBACK fopen64_file_func (voidpf opaque, const void* filename, int mode)
 {
-    (void)opaque;
    FILE* file = NULL;
    const char* mode_fopen = NULL;
+    (void)opaque;
    if ((mode & ZLIB_FILEFUNC_MODE_READWRITEFILTER)==ZLIB_FILEFUNC_MODE_READ)
        mode_fopen = "rb";
    else
@ -140,24 +140,24 @@ static voidpf ZCALLBACK fopen64_file_func (voidpf opaque, const void* filename,

 static uLong ZCALLBACK fread_file_func (voidpf opaque, voidpf stream, void* buf, uLong size)
 {
-    (void)opaque;
    uLong ret;
+    (void)opaque;
    ret = (uLong)fread(buf, 1, (size_t)size, (FILE *)stream);
    return ret;
 }

 static uLong ZCALLBACK fwrite_file_func (voidpf opaque, voidpf stream, const void* buf, uLong size)
 {
-    (void)opaque;
    uLong ret;
+    (void)opaque;
    ret = (uLong)fwrite(buf, 1, (size_t)size, (FILE *)stream);
    return ret;
 }

 static long ZCALLBACK ftell_file_func (voidpf opaque, voidpf stream)
 {
-    (void)opaque;
    long ret;
+    (void)opaque;
    ret = ftell((FILE *)stream);
    return ret;
 }
@ -165,17 +165,17 @@ static long ZCALLBACK ftell_file_func (voidpf opaque, voidpf stream)

 static ZPOS64_T ZCALLBACK ftell64_file_func (voidpf opaque, voidpf stream)
 {
-    (void)opaque;
    ZPOS64_T ret;
+    (void)opaque;
    ret = (ZPOS64_T)FTELLO_FUNC((FILE *)stream);
    return ret;
 }

 static long ZCALLBACK fseek_file_func (voidpf  opaque, voidpf stream, uLong offset, int origin)
 {
-    (void)opaque;
    int fseek_origin=0;
    long ret;
+    (void)opaque;
    switch (origin)
    {
    case ZLIB_FILEFUNC_SEEK_CUR :
@ -197,9 +197,9 @@ static long ZCALLBACK fseek_file_func (voidpf  opaque, voidpf stream, uLong offs

 static long ZCALLBACK fseek64_file_func (voidpf  opaque, voidpf stream, ZPOS64_T offset, int origin)
 {
-    (void)opaque;
    int fseek_origin=0;
    long ret;
+    (void)opaque;
    switch (origin)
    {
    case ZLIB_FILEFUNC_SEEK_CUR :
@ -215,7 +215,7 @@ static long ZCALLBACK fseek64_file_func (voidpf  opaque, voidpf stream, ZPOS64_T
    }
    ret = 0;

-    if(FSEEKO_FUNC((FILE *)stream, (long)offset, fseek_origin) != 0)
+    if(FSEEKO_FUNC((FILE *)stream, (z_off_t)offset, fseek_origin) != 0)
                        ret = -1;

    return ret;
@ -224,16 +224,16 @@ static long ZCALLBACK fseek64_file_func (voidpf  opaque, voidpf stream, ZPOS64_T

 static int ZCALLBACK fclose_file_func (voidpf opaque, voidpf stream)
 {
-    (void)opaque;
    int ret;
+    (void)opaque;
    ret = fclose((FILE *)stream);
    return ret;
 }

 static int ZCALLBACK ferror_file_func (voidpf opaque, voidpf stream)
 {
-    (void)opaque;
    int ret;
+    (void)opaque;
    ret = ferror((FILE *)stream);
    return ret;
 }
--- a/thirdparty/minizip/ioapi.h
+++ b/thirdparty/minizip/ioapi.h
@ -66,7 +66,7 @@
 #define ftello64 ftell
 #define fseeko64 fseek
 #else
-#ifdef __FreeBSD__
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
 #define fopen64 fopen
 #define ftello64 ftello
 #define fseeko64 fseeko
--- a/thirdparty/minizip/patches/godot-seek.patch
+++ b/thirdparty/minizip/patches/godot-seek.patch
@ -1,5 +1,5 @@
 diff --git a/thirdparty/minizip/ioapi.c b/thirdparty/minizip/ioapi.c
-index d666e5a228..db4c33b4b9 100644
+index 814a6fd38c..b50db35ac1 100644
 --- a/thirdparty/minizip/ioapi.c
 +++ b/thirdparty/minizip/ioapi.c
@@ -80,8 +80,15 @@ void fill_zlib_filefunc64_32_def_from_filefunc32(zlib_filefunc64_32_def* p_filef
@ -26,7 +26,7 @@ index d666e5a228..db4c33b4b9 100644
 +*/
 +/* GODOT end */
 diff --git a/thirdparty/minizip/ioapi.h b/thirdparty/minizip/ioapi.h
-index 114bfab762..2f24a5b6a0 100644
+index ae9ca7e833..6c73fc4ec3 100644
 --- a/thirdparty/minizip/ioapi.h
 +++ b/thirdparty/minizip/ioapi.h
@@ -155,6 +155,10 @@ typedef struct zlib_filefunc_def_s
@ -52,7 +52,7 @@ index 114bfab762..2f24a5b6a0 100644
 
 void fill_fopen64_filefunc OF((zlib_filefunc64_def* pzlib_filefunc_def));
 diff --git a/thirdparty/minizip/unzip.c b/thirdparty/minizip/unzip.c
-index 5e12e47474..3b191e827c 100644
+index 3036b470b7..e83aff2773 100644
 --- a/thirdparty/minizip/unzip.c
 +++ b/thirdparty/minizip/unzip.c
@@ -157,6 +157,9 @@ typedef struct
@ -122,7 +122,7 @@ index 5e12e47474..3b191e827c 100644
         }
 
         while(acc < file_info.size_file_extra)
-@@ -1575,8 +1604,10 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
+@@ -1576,8 +1605,10 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
     }
     else if ((s->cur_file_info.compression_method==Z_DEFLATED) && (!raw))
     {
@ -135,7 +135,7 @@ index 5e12e47474..3b191e827c 100644
       pfile_in_zip_read_info->stream.opaque = (voidpf)0;
       pfile_in_zip_read_info->stream.next_in = 0;
       pfile_in_zip_read_info->stream.avail_in = 0;
-@@ -1608,6 +1639,9 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
+@@ -1610,6 +1641,9 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
               iSizeVar;
 
     pfile_in_zip_read_info->stream.avail_in = (uInt)0;
@ -145,7 +145,7 @@ index 5e12e47474..3b191e827c 100644
 
     s->pfile_in_zip_read = pfile_in_zip_read_info;
                 s->encrypted = 0;
-@@ -1638,6 +1672,85 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
+@@ -1640,6 +1674,85 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
     return UNZ_OK;
 }
 
@ -261,7 +261,7 @@ index 6f95e94d75..71a7d89692 100644
 
 extern ZPOS64_T ZEXPORT unztell64 OF((unzFile file));
 diff --git a/thirdparty/minizip/zip.c b/thirdparty/minizip/zip.c
-index 4e611e1163..6d1c26d9f8 100644
+index 66d693f85a..ddcc14132b 100644
 --- a/thirdparty/minizip/zip.c
 +++ b/thirdparty/minizip/zip.c
@@ -854,9 +854,11 @@ extern zipFile ZEXPORT zipOpen3 (const void *pathname, int append, zipcharpc* gl
--- a/thirdparty/minizip/patches/unbreak-gentoo.patch
+++ b/thirdparty/minizip/patches/unbreak-gentoo.patch
@ -1,8 +1,8 @@
 diff --git a/thirdparty/minizip/ioapi.h b/thirdparty/minizip/ioapi.h
-index f25ab6464..6043d34ce 100644
+index 6c73fc4ec3..083062ffe6 100644
 --- a/thirdparty/minizip/ioapi.h
 +++ b/thirdparty/minizip/ioapi.h
-@@ -44,6 +44,22 @@
+@@ -45,6 +45,22 @@
 #include <stdlib.h>
 #include "zlib.h"
 
--- a/thirdparty/minizip/unzip.c
+++ b/thirdparty/minizip/unzip.c
@ -112,7 +112,7 @@
 # define ALLOC(size) (malloc(size))
 #endif
 #ifndef TRYFREE
-# define TRYFREE(p) {if (p) free(p);}
+# define TRYFREE(p) { free(p);}
 #endif

 #define SIZECENTRALDIRITEM (0x2e)
@ -1595,6 +1595,7 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
        pfile_in_zip_read_info->stream_initialised=Z_BZIP2ED;
      else
      {
+        TRYFREE(pfile_in_zip_read_info->read_buffer);
        TRYFREE(pfile_in_zip_read_info);
        return err;
      }
@ -1617,6 +1618,7 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
        pfile_in_zip_read_info->stream_initialised=Z_DEFLATED;
      else
      {
+        TRYFREE(pfile_in_zip_read_info->read_buffer);
        TRYFREE(pfile_in_zip_read_info);
        return err;
      }
--- a/thirdparty/minizip/zip.c
+++ b/thirdparty/minizip/zip.c
@ -1475,11 +1475,6 @@ extern int ZEXPORT zipWriteInFileInZip (zipFile file,const void* buf,unsigned in
          {
              uLong uTotalOutBefore = zi->ci.stream.total_out;
              err=deflate(&zi->ci.stream,  Z_NO_FLUSH);
-              if(uTotalOutBefore > zi->ci.stream.total_out)
-              {
-                int bBreak = 0;
-                bBreak++;
-              }

              zi->ci.pos_in_buffered_data += (uInt)(zi->ci.stream.total_out - uTotalOutBefore) ;
          }
@ -1963,7 +1958,7 @@ extern int ZEXPORT zipRemoveExtraInfoBlock (char* pData, int* dataLen, short sHe

  int retVal = ZIP_OK;

-  if(pData == NULL || *dataLen < 4)
+  if(pData == NULL || dataLen == NULL || *dataLen < 4)
    return ZIP_PARAMERROR;

  pNewHeader = (char*)ALLOC((unsigned)*dataLen);