[jdk8u-dev] RFR: 8295530: Update Zlib Data Compression Library to Version 1.2.13 [v2]
Andrew John Hughes
andrew at openjdk.org
Wed Mar 8 03:09:09 UTC 2023
On Sun, 5 Mar 2023 11:42:25 GMT, Stewart X Addison <duke at openjdk.org> wrote:
>> As per https://github.com/openjdk/jdk11u-dev/pull/1788 which backported this to 11.
>>
>> Backporting zlib 1.2.13 due to https://nvd.nist.gov/vuln/detail/CVE-2022-37434 (9.8 CVSS score)
>> As per the JDK11u change this makes the zlib directory in the source identical to the one for JDK17u so I do not anticipate any problems.
>>
>> I've run a test build on one Linux/mac/windows version and will run the same set of tier1 testing that I did on the 11 PR, plus some others. I'll probably try to run on some other platforms before requesting an integrate, but I'll also need a sponsor to add the appropriate tags to [JDK-8295530](https://bugs.openjdk.org/browse/JDK-8295530) so I'm opening this now.
>>
>> - Tier 1 (Linux/x64): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_linux/1019/testReport/
>> - Tier 1 (macOS/x64): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_mac/778/testReport/
>> - Tier 1 (Windows/x32): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-32_windows/719/testReport/
>>
>> This is the first time I've backported to 8 with skara - I'm assuming the process is now the same as 11. If not, please let me know and I will adjust accordingly.
>
> Stewart X Addison has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
>
> Backport 6042c6b9bbacbff1bd47f087f0f19646a20eef97
>
> Signed-off-by: Stewart X Addison <sxa at redhat.com>
The changes made to `zlib.md` in the 11u patch need to be made to `THIRD_PARTY_README` in 8u.
There are currently multiple identical copies of this file across the old subrepositories. I would suggest just updating the top-level one. I'll open a separate bug & PR to remove the duplicates which I don't think are helpful any more.
~~~
$ grep 'zlib' $(find -name 'THIRD_PARTY_README')
./THIRD_PARTY_README:%% This notice is provided with respect to zlib v1.2.11, which may be included
./corba/THIRD_PARTY_README:%% This notice is provided with respect to zlib v1.2.11, which may be included
./hotspot/THIRD_PARTY_README:%% This notice is provided with respect to zlib v1.2.11, which may be included
./jaxp/THIRD_PARTY_README:%% This notice is provided with respect to zlib v1.2.11, which may be included
./jaxws/THIRD_PARTY_README:%% This notice is provided with respect to zlib v1.2.11, which may be included
./jdk/THIRD_PARTY_README:%% This notice is provided with respect to zlib v1.2.11, which may be included
./langtools/THIRD_PARTY_README:%% This notice is provided with respect to zlib v1.2.11, which may be included
./nashorn/THIRD_PARTY_README:%% This notice is provided with respect to zlib v1.2.11, which may be included
~~~
-------------
PR: https://git.openjdk.org/jdk8u-dev/pull/277
More information about the jdk8u-dev
mailing list