zlib/minizip: Update to version 1.3.1

Minizip includes previously backported fix for CVE-2023-45853,
and a Debian patch for CVE-2014-9485 was also upstreamed.

7 files changed, 18 insertions, 54 deletions

diff --git a/thirdparty/minizip/ioapi.h b/thirdparty/minizip/ioapi.h
index 14266141c6..509b52da8a 100644
--- a/thirdparty/minizip/ioapi.h
+++ b/thirdparty/minizip/ioapi.h
@@ -144,7 +144,7 @@ typedef long     (ZCALLBACK *tell_file_func)      (voidpf opaque, voidpf stream)
 typedef long     (ZCALLBACK *seek_file_func)      (voidpf opaque, voidpf stream, uLong offset, int origin);
 
 
-/* here is the "old" 32 bits structure structure */
+/* here is the "old" 32 bits structure */
 typedef struct zlib_filefunc_def_s
 {
     open_file_func      zopen_file;
diff --git a/thirdparty/minizip/patches/CVE-2023-45853.patch b/thirdparty/minizip/patches/CVE-2023-45853.patch
deleted file mode 100644
index 784c57766f..0000000000
--- a/thirdparty/minizip/patches/CVE-2023-45853.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
-From: Hans Wennborg <hans@chromium.org>
-Date: Fri, 18 Aug 2023 11:05:33 +0200
-Subject: [PATCH] Reject overflows of zip header fields in minizip.
-
-This checks the lengths of the file name, extra field, and comment
-that would be put in the zip headers, and rejects them if they are
-too long. They are each limited to 65535 bytes in length by the zip
-format. This also avoids possible buffer overflows if the provided
-fields are too long.
----
- contrib/minizip/zip.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
-index 3d3d4cadd..0446109b2 100644
---- a/contrib/minizip/zip.c
-+++ b/contrib/minizip/zip.c
-@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
-       return ZIP_PARAMERROR;
- #endif
- 
-+    // The filename and comment length must fit in 16 bits.
-+    if ((filename!=NULL) && (strlen(filename)>0xffff))
-+        return ZIP_PARAMERROR;
-+    if ((comment!=NULL) && (strlen(comment)>0xffff))
-+        return ZIP_PARAMERROR;
-+    // The extra field length must fit in 16 bits. If the member also requires
-+    // a Zip64 extra block, that will also need to fit within that 16-bit
-+    // length, but that will be checked for later.
-+    if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
-+        return ZIP_PARAMERROR;
-+
-     zi = (zip64_internal*)file;
- 
-     if (zi->in_opened_file_inzip == 1)
diff --git a/thirdparty/minizip/patches/godot-seek.patch b/thirdparty/minizip/patches/godot-seek.patch
index 269536ba85..649de2fe2f 100644
--- a/thirdparty/minizip/patches/godot-seek.patch
+++ b/thirdparty/minizip/patches/godot-seek.patch
@@ -26,7 +26,7 @@ index 782d32469a..2e89f5f41a 100644
 +*/
 +/* GODOT end */
 diff --git a/thirdparty/minizip/ioapi.h b/thirdparty/minizip/ioapi.h
-index c588a18d03..14266141c6 100644
+index a2d2e6e60d..509b52da8a 100644
 --- a/thirdparty/minizip/ioapi.h
 +++ b/thirdparty/minizip/ioapi.h
 @@ -155,6 +155,10 @@ typedef struct zlib_filefunc_def_s
@@ -52,7 +52,7 @@ index c588a18d03..14266141c6 100644
  
  void fill_fopen64_filefunc(zlib_filefunc64_def* pzlib_filefunc_def);
 diff --git a/thirdparty/minizip/unzip.c b/thirdparty/minizip/unzip.c
-index ed763f89f1..2f8c5f3675 100644
+index ea05b7d62a..981ba3c0cb 100644
 --- a/thirdparty/minizip/unzip.c
 +++ b/thirdparty/minizip/unzip.c
 @@ -152,6 +152,9 @@ typedef struct
@@ -232,7 +232,7 @@ index ed763f89f1..2f8c5f3675 100644
      return unzOpenCurrentFile3(file, NULL, NULL, 0, NULL);
  }
 diff --git a/thirdparty/minizip/unzip.h b/thirdparty/minizip/unzip.h
-index 14105840f6..1a477ecb50 100644
+index 5cfc9c6274..0639674574 100644
 --- a/thirdparty/minizip/unzip.h
 +++ b/thirdparty/minizip/unzip.h
 @@ -202,6 +202,10 @@ extern int ZEXPORT unzClose(unzFile file);
@@ -261,7 +261,7 @@ index 14105840f6..1a477ecb50 100644
  
  extern ZPOS64_T ZEXPORT unztell64(unzFile file);
 diff --git a/thirdparty/minizip/zip.c b/thirdparty/minizip/zip.c
-index 3d3d4cadde..e859f9e42f 100644
+index 60bdffac34..1d2d918e72 100644
 --- a/thirdparty/minizip/zip.c
 +++ b/thirdparty/minizip/zip.c
 @@ -820,9 +820,11 @@ extern zipFile ZEXPORT zipOpen3(const void *pathname, int append, zipcharpc* glo
@@ -279,7 +279,7 @@ index 3d3d4cadde..e859f9e42f 100644
          ziinit.z_filefunc = *pzlib_filefunc64_32_def;
  
      ziinit.filestream = ZOPEN64(ziinit.z_filefunc,
-@@ -1171,8 +1173,10 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
+@@ -1182,8 +1184,10 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
      {
          if(zi->ci.method == Z_DEFLATED)
          {
diff --git a/thirdparty/minizip/unzip.c b/thirdparty/minizip/unzip.c
index 41a203b164..981ba3c0cb 100644
--- a/thirdparty/minizip/unzip.c
+++ b/thirdparty/minizip/unzip.c
@@ -117,7 +117,7 @@
 const char unz_copyright[] =
    " unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll";
 
-/* unz_file_info_interntal contain internal info about a file in zipfile*/
+/* unz_file_info64_internal contain internal info about a file in zipfile*/
 typedef struct unz_file_info64_internal_s
 {
     ZPOS64_T offset_curfile;/* relative offset of local header 8 bytes */
@@ -453,7 +453,7 @@ local ZPOS64_T unz64local_SearchCentralDir64(const zlib_filefunc64_32_def* pzlib
     if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
         return CENTRALDIRINVALID;
 
-    /* number of the disk with the start of the zip64 end of  central directory */
+    /* number of the disk with the start of the zip64 end of central directory */
     if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
         return CENTRALDIRINVALID;
     if (uL != 0)
@@ -500,9 +500,9 @@ local unzFile unzOpenInternal(const void *path,
     ZPOS64_T central_pos;
     uLong   uL;
 
-    uLong number_disk;          /* number of the current dist, used for
+    uLong number_disk;          /* number of the current disk, used for
                                    spanning ZIP, unsupported, always 0*/
-    uLong number_disk_with_CD;  /* number the the disk with central dir, used
+    uLong number_disk_with_CD;  /* number the disk with central dir, used
                                    for spanning ZIP, unsupported, always 0*/
     ZPOS64_T number_entry_CD;      /* total number of entries in
                                    the central dir
diff --git a/thirdparty/minizip/unzip.h b/thirdparty/minizip/unzip.h
index 1a477ecb50..0639674574 100644
--- a/thirdparty/minizip/unzip.h
+++ b/thirdparty/minizip/unzip.h
@@ -310,7 +310,7 @@ extern int ZEXPORT unzGetCurrentFileInfo(unzFile file,
   Get Info about the current file
   if pfile_info!=NULL, the *pfile_info structure will contain some info about
         the current file
-  if szFileName!=NULL, the filemane string will be copied in szFileName
+  if szFileName!=NULL, the filename string will be copied in szFileName
             (fileNameBufferSize is the size of the buffer)
   if extraField!=NULL, the extra field information will be copied in extraField
             (extraFieldBufferSize is the size of the buffer).
diff --git a/thirdparty/minizip/zip.c b/thirdparty/minizip/zip.c
index d76c643dfb..1d2d918e72 100644
--- a/thirdparty/minizip/zip.c
+++ b/thirdparty/minizip/zip.c
@@ -575,7 +575,7 @@ local ZPOS64_T zip64local_SearchCentralDir64(const zlib_filefunc64_32_def* pzlib
   if (zip64local_getLong(pzlib_filefunc_def,filestream,&uL)!=ZIP_OK)
     return 0;
 
-  /* number of the disk with the start of the zip64 end of  central directory */
+  /* number of the disk with the start of the zip64 end of central directory */
   if (zip64local_getLong(pzlib_filefunc_def,filestream,&uL)!=ZIP_OK)
     return 0;
   if (uL != 0)
@@ -614,9 +614,9 @@ local int LoadCentralDirectoryRecord(zip64_internal* pziinit) {
   ZPOS64_T central_pos;
   uLong uL;
 
-  uLong number_disk;          /* number of the current dist, used for
+  uLong number_disk;          /* number of the current disk, used for
                               spanning ZIP, unsupported, always 0*/
-  uLong number_disk_with_CD;  /* number the the disk with central dir, used
+  uLong number_disk_with_CD;  /* number of the disk with central dir, used
                               for spanning ZIP, unsupported, always 0*/
   ZPOS64_T number_entry;
   ZPOS64_T number_entry_CD;      /* total number of entries in
@@ -1612,7 +1612,7 @@ extern int ZEXPORT zipCloseFileInZipRaw64(zipFile file, ZPOS64_T uncompressed_si
 
       if((uLong)(datasize + 4) > zi->ci.size_centralExtraFree)
       {
-        // we can not write more data to the buffer that we have room for.
+        // we cannot write more data to the buffer that we have room for.
         return ZIP_BADZIPFILE;
       }
 
@@ -1876,7 +1876,7 @@ extern int ZEXPORT zipClose(zipFile file, const char* global_comment) {
     free_linkedlist(&(zi->central_dir));
 
     pos = centraldir_pos_inzip - zi->add_position_when_writing_offset;
-    if(pos >= 0xffffffff || zi->number_entry > 0xFFFF)
+    if(pos >= 0xffffffff || zi->number_entry >= 0xFFFF)
     {
       ZPOS64_T Zip64EOCDpos = ZTELL64(zi->z_filefunc,zi->filestream);
       Write_Zip64EndOfCentralDirectoryRecord(zi, size_centraldir, centraldir_pos_inzip);
diff --git a/thirdparty/minizip/zip.h b/thirdparty/minizip/zip.h
index 5fc0841324..3e230d3405 100644
--- a/thirdparty/minizip/zip.h
+++ b/thirdparty/minizip/zip.h
@@ -177,9 +177,9 @@ extern int ZEXPORT zipOpenNewFileInZip64(zipFile file,
   filename : the filename in zip (if NULL, '-' without quote will be used
   *zipfi contain supplemental information
   if extrafield_local!=NULL and size_extrafield_local>0, extrafield_local
-    contains the extrafield data the the local header
+    contains the extrafield data for the local header
   if extrafield_global!=NULL and size_extrafield_global>0, extrafield_global
-    contains the extrafield data the the local header
+    contains the extrafield data for the global header
   if comment != NULL, comment contain the comment string
   method contain the compression method (0 for store, Z_DEFLATED for deflate)
   level contain the level of compression (can be Z_DEFAULT_COMPRESSION)