From 5597f76e2bf2e149272976ea46dfdce7f1f9669f Mon Sep 17 00:00:00 2001
From: git-bruh <e817509a-8ee9-4332-b0ad-3a6bdf9ab63f@aleeas.com>
Date: Thu, 13 Oct 2022 16:59:34 +0530
Subject: [PATCH] zlib: add crc32 patch and fix CVE-2022-37434

---
 core/zlib/build                             |  4 +-
 core/zlib/checksums                         |  3 ++
 core/zlib/patches/0001-CVE-2022-37434.patch | 32 +++++++++++++
 core/zlib/patches/0002-CVE-2022-37434.patch | 29 ++++++++++++
 core/zlib/patches/crc32.patch               | 51 +++++++++++++++++++++
 core/zlib/sources                           |  3 ++
 core/zlib/version                           |  2 +-
 7 files changed, 122 insertions(+), 2 deletions(-)
 create mode 100644 core/zlib/patches/0001-CVE-2022-37434.patch
 create mode 100644 core/zlib/patches/0002-CVE-2022-37434.patch
 create mode 100644 core/zlib/patches/crc32.patch

diff --git a/core/zlib/build b/core/zlib/build
index e77abad9..ced8305a 100755
--- a/core/zlib/build
+++ b/core/zlib/build
@@ -2,7 +2,9 @@
 
 export CFLAGS="$CFLAGS -fPIC"
 
-patch -p1 < Fix-CC-logic-in-configure.patch
+for patch in *.patch; do
+    patch -p1 < "$patch"
+done
 
 ./configure \
     --prefix=/usr
diff --git a/core/zlib/checksums b/core/zlib/checksums
index 587b875b..bec3eb35 100644
--- a/core/zlib/checksums
+++ b/core/zlib/checksums
@@ -1,2 +1,5 @@
 91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9
+0bf4794975bd3be95f3f1d92cdf781a26c937d5c879b72939ae9cffbf6c430c7
+db41b76fd40bdc77b26e9a202177cee807da5e7cf751e72298d62742c349057d
 f35eb05334a4f8d7b40b6c5610a6369f654863b5fa1a19c2507888f918025238
+00e023c3ccb7b895ebb3421970b1b77f8a527b40190f35050b79fd0e817a7b0c
diff --git a/core/zlib/patches/0001-CVE-2022-37434.patch b/core/zlib/patches/0001-CVE-2022-37434.patch
new file mode 100644
index 00000000..dc84d3a1
--- /dev/null
+++ b/core/zlib/patches/0001-CVE-2022-37434.patch
@@ -0,0 +1,32 @@
+From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
+From: Mark Adler <fork@madler.net>
+Date: Sat, 30 Jul 2022 15:51:11 -0700
+Subject: [PATCH] Fix a bug when getting a gzip header extra field with
+ inflate().
+
+If the extra field was larger than the space the user provided with
+inflateGetHeader(), and if multiple calls of inflate() delivered
+the extra header data, then there could be a buffer overflow of the
+provided space. This commit assures that provided space is not
+exceeded.
+---
+ inflate.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/inflate.c b/inflate.c
+index 7be8c6366..7a7289749 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -763,9 +763,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
++                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
++                        state->head->extra != Z_NULL &&
++                        len < state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
diff --git a/core/zlib/patches/0002-CVE-2022-37434.patch b/core/zlib/patches/0002-CVE-2022-37434.patch
new file mode 100644
index 00000000..c5c95a92
--- /dev/null
+++ b/core/zlib/patches/0002-CVE-2022-37434.patch
@@ -0,0 +1,29 @@
+From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
+From: Mark Adler <fork@madler.net>
+Date: Mon, 8 Aug 2022 10:50:09 -0700
+Subject: [PATCH] Fix extra field processing bug that dereferences NULL
+ state->head.
+
+The recent commit to fix a gzip header extra field processing bug
+introduced the new bug fixed here.
+---
+ inflate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/inflate.c b/inflate.c
+index 7a7289749..2a3c4fe98 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -763,10 +763,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
+-                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+                         state->head->extra != Z_NULL &&
+-                        len < state->head->extra_max) {
++                        (len = state->head->extra_len - state->length) <
++                            state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
diff --git a/core/zlib/patches/crc32.patch b/core/zlib/patches/crc32.patch
new file mode 100644
index 00000000..85a6a7e3
--- /dev/null
+++ b/core/zlib/patches/crc32.patch
@@ -0,0 +1,51 @@
+From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Wed, 30 Mar 2022 11:14:53 -0700
+Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
+
+The previous releases of zlib were not sensitive to incorrect CRC
+inputs with bits set above the low 32. This commit restores that
+behavior, so that applications with such bugs will continue to
+operate as before.
+---
+ crc32.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/crc32.c b/crc32.c
+index a1bdce5c2..451887bc7 100644
+--- a/crc32.c
++++ b/crc32.c
+@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
+ #endif /* DYNAMIC_CRC_TABLE */
+ 
+     /* Pre-condition the CRC */
+-    crc ^= 0xffffffff;
++    crc = (~crc) & 0xffffffff;
+ 
+     /* Compute the CRC up to a word boundary. */
+     while (len && ((z_size_t)buf & 7) != 0) {
+@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
+ #endif /* DYNAMIC_CRC_TABLE */
+ 
+     /* Pre-condition the CRC */
+-    crc ^= 0xffffffff;
++    crc = (~crc) & 0xffffffff;
+ 
+ #ifdef W
+ 
+@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
+ #ifdef DYNAMIC_CRC_TABLE
+     once(&made, make_crc_table);
+ #endif /* DYNAMIC_CRC_TABLE */
+-    return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
++    return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
+ }
+ 
+ /* ========================================================================= */
+@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
+     uLong crc2;
+     uLong op;
+ {
+-    return multmodp(op, crc1) ^ crc2;
++    return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
+ }
diff --git a/core/zlib/sources b/core/zlib/sources
index abe6181c..b68731e8 100644
--- a/core/zlib/sources
+++ b/core/zlib/sources
@@ -1,2 +1,5 @@
 https://zlib.net/fossils/zlib-VERSION.tar.gz
+patches/0001-CVE-2022-37434.patch
+patches/0002-CVE-2022-37434.patch
 patches/Fix-CC-logic-in-configure.patch
+patches/crc32.patch
diff --git a/core/zlib/version b/core/zlib/version
index d9f2a341..e6eb08df 100644
--- a/core/zlib/version
+++ b/core/zlib/version
@@ -1 +1 @@
-1.2.12 1
+1.2.12 2