zlib/minizip: Update to version 1.2.12

Security update, fixes CVE-2018-25032 in zlib. Preliminary assessment doesn't show Godot as affected since we don't seem to call `deflate` with the problematic parameters, but the extent of the vulnerability is not fully clear upstream yet. (cherry picked from commit 420d0d5)
akien-mga · Apr 13, 2022 · e240301 · e240301
1 parent 1f2d146
commit e240301
Show file tree

Hide file tree

Showing 27 changed files with 10,894 additions and 1,096 deletions.
diff --git a/thirdparty/README.md b/thirdparty/README.md
@@ -301,17 +301,17 @@ https://github.com/miniupnp/miniupnp/commit/3a08dd4b89af2e9effa22a136bac86f2f306
 
 ## minizip
 
-- Upstream: http://www.zlib.net
-- Version: 1.2.11 (zlib contrib, 2017)
+- Upstream: https://www.zlib.net
+- Version: 1.2.12 (zlib contrib, 2022)
 - License: zlib
 
 Files extracted from the upstream source:
 
-- contrib/minizip/{crypt.h,ioapi.{c,h},zip.{c,h},unzip.{c,h}}
+- contrib/minizip/{crypt.h,ioapi.{c,h},unzip.{c,h},zip.{c,h}}
 
 Important: Some files have Godot-made changes for use in core/io.
 They are marked with `/* GODOT start */` and `/* GODOT end */`
-comments and a patch is provided in the minizip/ folder.
+comments and a patch is provided in the `patches` folder.
 
 
 ## misc
@@ -544,8 +544,8 @@ Files extracted from upstream source:
 
 ## zlib
 
-- Upstream: http://www.zlib.net
-- Version: 1.2.11 (2017)
+- Upstream: https://www.zlib.net
+- Version: 1.2.12 (2022)
 - License: zlib
 
 Files extracted from upstream source:

diff --git a/thirdparty/minizip/crypt.h b/thirdparty/minizip/crypt.h
@@ -38,6 +38,7 @@ static int decrypt_byte(unsigned long* pkeys, const z_crc_t* pcrc_32_tab)
                      * unpredictable manner on 16-bit systems; not a problem
                      * with any known compiler so far, though */
 
+    (void)pcrc_32_tab;
     temp = ((unsigned)(*(pkeys+2)) & 0xffff) | 2;
     return (int)(((temp * (temp ^ 1)) >> 8) & 0xff);
 }
@@ -77,24 +78,24 @@ static void init_keys(const char* passwd,unsigned long* pkeys,const z_crc_t* pcr
     (update_keys(pkeys,pcrc_32_tab,c ^= decrypt_byte(pkeys,pcrc_32_tab)))
 
 #define zencode(pkeys,pcrc_32_tab,c,t) \
-    (t=decrypt_byte(pkeys,pcrc_32_tab), update_keys(pkeys,pcrc_32_tab,c), t^(c))
+    (t=decrypt_byte(pkeys,pcrc_32_tab), update_keys(pkeys,pcrc_32_tab,c), (Byte)t^(c))
 
 #ifdef INCLUDECRYPTINGCODE_IFCRYPTALLOWED
 
 #define RAND_HEAD_LEN  12
    /* "last resort" source for second part of crypt seed pattern */
 #  ifndef ZCR_SEED2
-#    define ZCR_SEED2 3141592654UL     /* use PI as default pattern */
+#    define ZCR_SEED2 3141592654L       /* use PI as default pattern */
 #  endif
 
-static int crypthead(const char* passwd,      /* password string */
-                     unsigned char* buf,      /* where to write header */
-                     int bufSize,
-                     unsigned long* pkeys,
-                     const z_crc_t* pcrc_32_tab,
-                     unsigned long crcForCrypting)
+static unsigned crypthead(const char* passwd,       /* password string */
+                          unsigned char* buf,       /* where to write header */
+                          int bufSize,
+                          unsigned long* pkeys,
+                          const z_crc_t* pcrc_32_tab,
+                          unsigned long crcForCrypting)
 {
-    int n;                       /* index in random header */
+    unsigned n;                  /* index in random header */
     int t;                       /* temporary */
     int c;                       /* random byte */
     unsigned char header[RAND_HEAD_LEN-2]; /* random header */

diff --git a/thirdparty/minizip/ioapi.c b/thirdparty/minizip/ioapi.c
@@ -58,7 +58,7 @@ ZPOS64_T call_ztell64 (const zlib_filefunc64_32_def* pfilefunc,voidpf filestream
         return (*(pfilefunc->zfile_func64.ztell64_file)) (pfilefunc->zfile_func64.opaque,filestream);
     else
     {
-        uLong tell_uLong = (*(pfilefunc->ztell32_file))(pfilefunc->zfile_func64.opaque,filestream);
+        uLong tell_uLong = (uLong)(*(pfilefunc->ztell32_file))(pfilefunc->zfile_func64.opaque,filestream);
         if ((tell_uLong) == MAXU32)
             return (ZPOS64_T)-1;
         else
@@ -101,6 +101,7 @@ static int     ZCALLBACK ferror_file_func OF((voidpf opaque, voidpf stream));
 
 static voidpf ZCALLBACK fopen_file_func (voidpf opaque, const char* filename, int mode)
 {
+    (void)opaque;
     FILE* file = NULL;
     const char* mode_fopen = NULL;
     if ((mode & ZLIB_FILEFUNC_MODE_READWRITEFILTER)==ZLIB_FILEFUNC_MODE_READ)
@@ -119,6 +120,7 @@ static voidpf ZCALLBACK fopen_file_func (voidpf opaque, const char* filename, in
 
 static voidpf ZCALLBACK fopen64_file_func (voidpf opaque, const void* filename, int mode)
 {
+    (void)opaque;
     FILE* file = NULL;
     const char* mode_fopen = NULL;
     if ((mode & ZLIB_FILEFUNC_MODE_READWRITEFILTER)==ZLIB_FILEFUNC_MODE_READ)
@@ -138,20 +140,23 @@ static voidpf ZCALLBACK fopen64_file_func (voidpf opaque, const void* filename,
 
 static uLong ZCALLBACK fread_file_func (voidpf opaque, voidpf stream, void* buf, uLong size)
 {
+    (void)opaque;
     uLong ret;
     ret = (uLong)fread(buf, 1, (size_t)size, (FILE *)stream);
     return ret;
 }
 
 static uLong ZCALLBACK fwrite_file_func (voidpf opaque, voidpf stream, const void* buf, uLong size)
 {
+    (void)opaque;
     uLong ret;
     ret = (uLong)fwrite(buf, 1, (size_t)size, (FILE *)stream);
     return ret;
 }
 
 static long ZCALLBACK ftell_file_func (voidpf opaque, voidpf stream)
 {
+    (void)opaque;
     long ret;
     ret = ftell((FILE *)stream);
     return ret;
@@ -160,13 +165,15 @@ static long ZCALLBACK ftell_file_func (voidpf opaque, voidpf stream)
 
 static ZPOS64_T ZCALLBACK ftell64_file_func (voidpf opaque, voidpf stream)
 {
+    (void)opaque;
     ZPOS64_T ret;
-    ret = FTELLO_FUNC((FILE *)stream);
+    ret = (ZPOS64_T)FTELLO_FUNC((FILE *)stream);
     return ret;
 }
 
 static long ZCALLBACK fseek_file_func (voidpf  opaque, voidpf stream, uLong offset, int origin)
 {
+    (void)opaque;
     int fseek_origin=0;
     long ret;
     switch (origin)
@@ -183,13 +190,14 @@ static long ZCALLBACK fseek_file_func (voidpf  opaque, voidpf stream, uLong offs
     default: return -1;
     }
     ret = 0;
-    if (fseek((FILE *)stream, offset, fseek_origin) != 0)
+    if (fseek((FILE *)stream, (long)offset, fseek_origin) != 0)
         ret = -1;
     return ret;
 }
 
 static long ZCALLBACK fseek64_file_func (voidpf  opaque, voidpf stream, ZPOS64_T offset, int origin)
 {
+    (void)opaque;
     int fseek_origin=0;
     long ret;
     switch (origin)
@@ -207,7 +215,7 @@ static long ZCALLBACK fseek64_file_func (voidpf  opaque, voidpf stream, ZPOS64_T
     }
     ret = 0;
 
-    if(FSEEKO_FUNC((FILE *)stream, offset, fseek_origin) != 0)
+    if(FSEEKO_FUNC((FILE *)stream, (long)offset, fseek_origin) != 0)
                         ret = -1;
 
     return ret;
@@ -216,13 +224,15 @@ static long ZCALLBACK fseek64_file_func (voidpf  opaque, voidpf stream, ZPOS64_T
 
 static int ZCALLBACK fclose_file_func (voidpf opaque, voidpf stream)
 {
+    (void)opaque;
     int ret;
     ret = fclose((FILE *)stream);
     return ret;
 }
 
 static int ZCALLBACK ferror_file_func (voidpf opaque, voidpf stream)
 {
+    (void)opaque;
     int ret;
     ret = ferror((FILE *)stream);
     return ret;

diff --git a/thirdparty/minizip/ioapi.h b/thirdparty/minizip/ioapi.h
@@ -107,8 +107,7 @@ typedef  64BIT_INT_CUSTOM_TYPE ZPOS64_T;
 typedef uint64_t ZPOS64_T;
 #else
 
-/* Maximum unsigned 32-bit value used as placeholder for zip64 */
-#define MAXU32 0xffffffff
+
 
 #if defined(_MSC_VER) || defined(__BORLANDC__)
 typedef unsigned __int64 ZPOS64_T;
@@ -118,7 +117,10 @@ typedef unsigned long long int ZPOS64_T;
 #endif
 #endif
 
-
+/* Maximum unsigned 32-bit value used as placeholder for zip64 */
+#ifndef MAXU32
+#define MAXU32 (0xffffffff)
+#endif
 
 #ifdef __cplusplus
 extern "C" {

diff --git a/...nizip/godot-zlib-1.2.4-minizip-seek.patch → thirdparty/minizip/patches/godot-seek.patch b/...nizip/godot-zlib-1.2.4-minizip-seek.patch → thirdparty/minizip/patches/godot-seek.patch
@@ -1,8 +1,8 @@
 diff --git a/thirdparty/minizip/ioapi.c b/thirdparty/minizip/ioapi.c
-index 49958f61f..0afbdc06a 100644
+index d666e5a228..db4c33b4b9 100644
 --- a/thirdparty/minizip/ioapi.c
 +++ b/thirdparty/minizip/ioapi.c
-@@ -68,8 +68,15 @@ void fill_zlib_filefunc64_32_def_from_filefunc32(zlib_filefunc64_32_def* p_filef
+@@ -80,8 +80,15 @@ void fill_zlib_filefunc64_32_def_from_filefunc32(zlib_filefunc64_32_def* p_filef
      p_filefunc64_32->zfile_func64.opaque = p_filefunc32->opaque;
      p_filefunc64_32->zseek32_file = p_filefunc32->zseek_file;
      p_filefunc64_32->ztell32_file = p_filefunc32->ztell_file;
@@ -18,18 +18,18 @@ index 49958f61f..0afbdc06a 100644
 
 
  static voidpf  ZCALLBACK fopen_file_func OF((voidpf opaque, const char* filename, int mode));
-@@ -233,3 +240,6 @@ void fill_fopen64_filefunc (zlib_filefunc64_def*  pzlib_filefunc_def)
+@@ -255,3 +262,6 @@ void fill_fopen64_filefunc (zlib_filefunc64_def*  pzlib_filefunc_def)
      pzlib_filefunc_def->zerror_file = ferror_file_func;
      pzlib_filefunc_def->opaque = NULL;
  }
 +// GODOT start
 +*/
 +/* GODOT end */
 diff --git a/thirdparty/minizip/ioapi.h b/thirdparty/minizip/ioapi.h
-index 8309c4cf8..f25ab6464 100644
+index 114bfab762..2f24a5b6a0 100644
 --- a/thirdparty/minizip/ioapi.h
 +++ b/thirdparty/minizip/ioapi.h
-@@ -145,6 +145,10 @@ typedef struct zlib_filefunc_def_s
+@@ -155,6 +155,10 @@ typedef struct zlib_filefunc_def_s
      close_file_func     zclose_file;
      testerror_file_func zerror_file;
      voidpf              opaque;
@@ -40,7 +40,7 @@ index 8309c4cf8..f25ab6464 100644
  } zlib_filefunc_def;
 
  typedef ZPOS64_T (ZCALLBACK *tell64_file_func)    OF((voidpf opaque, voidpf stream));
-@@ -161,6 +165,10 @@ typedef struct zlib_filefunc64_def_s
+@@ -171,6 +175,10 @@ typedef struct zlib_filefunc64_def_s
      close_file_func     zclose_file;
      testerror_file_func zerror_file;
      voidpf              opaque;
@@ -52,7 +52,7 @@ index 8309c4cf8..f25ab6464 100644
 
  void fill_fopen64_filefunc OF((zlib_filefunc64_def* pzlib_filefunc_def));
 diff --git a/thirdparty/minizip/unzip.c b/thirdparty/minizip/unzip.c
-index 7617f41f1..32e27bd65 100644
+index 5e12e47474..3b191e827c 100644
 --- a/thirdparty/minizip/unzip.c
 +++ b/thirdparty/minizip/unzip.c
 @@ -157,6 +157,9 @@ typedef struct
@@ -98,32 +98,31 @@ index 7617f41f1..32e27bd65 100644
  /*
    Close a ZipFile opened with unzOpen.
    If there is files inside the .Zip opened with unzOpenCurrentFile (see later),
-@@ -1018,10 +1034,20 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file,
+@@ -1018,10 +1034,23 @@ local int unz64local_GetCurrentFileInfoInternal (unzFile file,
 
          if (lSeek!=0)
          {
--            if (ZSEEK64(s->z_filefunc, s->filestream,lSeek,ZLIB_FILEFUNC_SEEK_CUR)==0)
--                lSeek=0;
--            else
--                err=UNZ_ERRNO;
 +            /* GODOT start */
 +            if (lSeek<0) {
 +                // WORKAROUND for backwards seeking
-+                z_off_t pos = ZTELL64(s->z_filefunc, s->filestream);
-+                if (ZSEEK64(s->z_filefunc, s->filestream,pos+lSeek,ZLIB_FILEFUNC_SEEK_SET)==0)
++                ZPOS64_T pos = ZTELL64(s->z_filefunc, s->filestream);
++                if (ZSEEK64(s->z_filefunc, s->filestream,pos+(ZPOS64_T)lSeek,ZLIB_FILEFUNC_SEEK_SET)==0)
 +                    lSeek=0;
 +                else
 +                    err=UNZ_ERRNO;
 +            } else {
-+                if (ZSEEK64(s->z_filefunc, s->filestream,lSeek,ZLIB_FILEFUNC_SEEK_CUR)==0)
-+                    lSeek=0;
-+                else
-+                    err=UNZ_ERRNO;
++            /* GODOT end */
+             if (ZSEEK64(s->z_filefunc, s->filestream,(ZPOS64_T)lSeek,ZLIB_FILEFUNC_SEEK_CUR)==0)
+                 lSeek=0;
+             else
+                 err=UNZ_ERRNO;
++            /* GODOT start */
 +            }
++            /* GODOT end */
          }
 
          while(acc < file_info.size_file_extra)
-@@ -1575,8 +1601,10 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
+@@ -1575,8 +1604,10 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
      }
      else if ((s->cur_file_info.compression_method==Z_DEFLATED) && (!raw))
      {
@@ -136,7 +135,7 @@ index 7617f41f1..32e27bd65 100644
        pfile_in_zip_read_info->stream.opaque = (voidpf)0;
        pfile_in_zip_read_info->stream.next_in = 0;
        pfile_in_zip_read_info->stream.avail_in = 0;
-@@ -1608,6 +1636,9 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
+@@ -1608,6 +1639,9 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
                iSizeVar;
 
      pfile_in_zip_read_info->stream.avail_in = (uInt)0;
@@ -146,7 +145,7 @@ index 7617f41f1..32e27bd65 100644
 
      s->pfile_in_zip_read = pfile_in_zip_read_info;
                  s->encrypted = 0;
-@@ -1638,6 +1669,85 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
+@@ -1638,6 +1672,85 @@ extern int ZEXPORT unzOpenCurrentFile3 (unzFile file, int* method,
      return UNZ_OK;
  }
 
@@ -165,7 +164,7 @@ index 7617f41f1..32e27bd65 100644
 +
 +    if (pfile_in_zip_read_info->compression_method==Z_BZIP2ED) { // don't know how to support bzip
 +        return UNZ_INTERNALERROR;
-+    };
++    }
 +
 +    if ((pfile_in_zip_read_info->compression_method==0) || (pfile_in_zip_read_info->raw)) {
 +
@@ -204,7 +203,7 @@ index 7617f41f1..32e27bd65 100644
 +            pfile_in_zip_read_info->stream.avail_in = (uInt)0;
 +            pfile_in_zip_read_info->stream.total_out = 0;
 +            pfile_in_zip_read_info->stream.next_in = 0;
-+        };
++        }
 +
 +        // not sure where to read, so read on the stack
 +        {
@@ -216,24 +215,24 @@ index 7617f41f1..32e27bd65 100644
 +                int read = unzReadCurrentFile(file, buf, len);
 +                if (read < 0) {
 +                    return read;
-+                };
++                }
 +                to_read -= read;
 +                if (read == UNZ_EOF) {
 +                    return pos;
-+                };
-+            };
-+        };
-+    };
++                }
++            }
++        }
++    }
 +
 +    return pos;
-+};
++}
 +/* GODOT end */
 +
  extern int ZEXPORT unzOpenCurrentFile (unzFile file)
  {
      return unzOpenCurrentFile3(file, NULL, NULL, 0, NULL);
 diff --git a/thirdparty/minizip/unzip.h b/thirdparty/minizip/unzip.h
-index 3183968b7..54e65ad8a 100644
+index 6f95e94d75..71a7d89692 100644
 --- a/thirdparty/minizip/unzip.h
 +++ b/thirdparty/minizip/unzip.h
 @@ -202,6 +202,10 @@ extern int ZEXPORT unzClose OF((unzFile file));
@@ -262,7 +261,7 @@ index 3183968b7..54e65ad8a 100644
 
  extern ZPOS64_T ZEXPORT unztell64 OF((unzFile file));
 diff --git a/thirdparty/minizip/zip.c b/thirdparty/minizip/zip.c
-index 3c34fc8bd..d7093e745 100644
+index 4e611e1163..6d1c26d9f8 100644
 --- a/thirdparty/minizip/zip.c
 +++ b/thirdparty/minizip/zip.c
 @@ -854,9 +854,11 @@ extern zipFile ZEXPORT zipOpen3 (const void *pathname, int append, zipcharpc* gl
@@ -280,7 +279,7 @@ index 3c34fc8bd..d7093e745 100644
          ziinit.z_filefunc = *pzlib_filefunc64_32_def;
 
      ziinit.filestream = ZOPEN64(ziinit.z_filefunc,
-@@ -1210,8 +1212,10 @@ extern int ZEXPORT zipOpenNewFileInZip4_64 (zipFile file, const char* filename,
+@@ -1211,8 +1213,10 @@ extern int ZEXPORT zipOpenNewFileInZip4_64 (zipFile file, const char* filename,
      {
          if(zi->ci.method == Z_DEFLATED)
          {

diff --git a/...t-zlib-1.2.4-minizip-unbreak-gentoo.patch → ...arty/minizip/patches/unbreak-gentoo.patch b/...t-zlib-1.2.4-minizip-unbreak-gentoo.patch → ...arty/minizip/patches/unbreak-gentoo.patch