zlib/minizip: Update to version 1.2.13, remove zlib from freetype

[DeeJayLSP]

I wanted to update zlib and minizip on a single commit, but both seem to act independently from each other.

I plan to update minizip on another PR (it is ready, but unsure if patches are done correctly), but if the maintainers demand minizip here too, I will do a force push once it's ready.

[akien-mga]

Looks good, but indeed it would be better to have zlib and minizip in the same commit, as they're part of the same codebase.

[akien-mga]

For the record, this is a security update:

zlib 1.2.13 release notes

October 13, 2022

Version 1.2.13 has these key updates:

• Fix a bug when getting a gzip header extra field with inflateGetHeader(). This remedies CVE-2022-37434.
• Fix a bug in block type selection when Z_FIXED used. Now the smallest block type is selected, for better compression.
• Fix a configure issue that discarded the provided CC definition.
• Correct incorrect inputs provided to the CRC functions. This mitigates a bug in Java.
• Repair prototypes and exporting of the new CRC functions.
• Fix inflateBack to detect invalid input with distances too far.

Due to the first bug fix, any installations of 1.2.12 or earlier should be replaced with 1.2.13.

[akien-mga]

Pushed an update to sync minizip with the zlib 1.2.13 code. The security vulnerability doesn't seem to affect our usage but it's worth patching anyway.

I also removed the vendored copy of zlib from thirdparty/freetype/src/gzip/ so that we don't need to patch it ourselves until upstream releases a new freetype patch release. It's better anyway to ensure that we use a single copy of that code (I'm not sure which include path took precedence before between thirdparty/zlib and thirdparty/freetype/src/gzip when building freetype).

[akien-mga]

Thanks!

[akien-mga]

Cherry-picked for 3.6.

[akien-mga]

Cherry-picked for 3.5.2.