[jdk8u-dev] RFR: 8295530: Update Zlib Data Compression Library to Version 1.2.13 [v4]

Stewart X Addison duke at openjdk.org
Fri Mar 17 11:25:56 UTC 2023 

On Wed, 8 Mar 2023 12:40:59 GMT, Stewart X Addison <duke at openjdk.org> wrote:

>> As per https://github.com/openjdk/jdk11u-dev/pull/1788 which backported this to 11.
>> 
>> Backporting zlib 1.2.13 due to https://nvd.nist.gov/vuln/detail/CVE-2022-37434 (9.8 CVSS score)
>> As per the JDK11u change this makes the zlib directory in the source identical to the one for JDK17u so I do not anticipate any problems. 
>> 
>> I've run a test build on one Linux/mac/windows version and will run the same set of tier1 testing that I did on the 11 PR, plus some others. I'll probably try to run on some other platforms before requesting an integrate, but I'll also need a sponsor to add the appropriate tags to [JDK-8295530](https://bugs.openjdk.org/browse/JDK-8295530) so I'm opening this now.
>> 
>> - Tier 1 (Linux/x64): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_linux/1019/testReport/
>> - Tier 1 (macOS/x64): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_mac/778/testReport/
>> - Tier 1 (Windows/x32): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-32_windows/719/testReport/
>> 
>> This is the first time I've backported to 8 with skara - I'm assuming the process is now the same as 11. If not, please let me know and I will adjust accordingly.
>
> Stewart X Addison has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update  line for zlib 1.2.13
>   
>   Signed-off-by: Stewart X Addison <sxa at redhat.com>

>    Tier 1 (Linux/x64): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_linux/1019/testReport/
>    Tier 1 (macOS/x64): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_mac/778/testReport/
>    Tier 1 (Windows/x32): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-32_windows/719/testReport/

Also verified with the tier 1 suites on [AIX](https://ci.adoptium.net/view/Test_openjdk/job/Test_openjdk8_hs_sanity.openjdk_ppc64_aix/638/), [linux/s390x](https://ci.adoptium.net/view/Test_openjdk/job/Test_openjdk8_hs_sanity.openjdk_s390x_linux/773/) and Solaris [x64](https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_solaris/223/) and [SPARC](https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_sparcv9_solaris/244/) with this patch on top of the jdk8u codebase which has an additional fix in. No new regressions introduced.

-------------

PR: https://git.openjdk.org/jdk8u-dev/pull/277

More information about the jdk8u-dev mailing list