[release/7.0] Upgrade zlib to 1.3.1 #99474

carlossanlop · 2024-03-09T01:53:21Z

Backport of #99472

Customer Impact

This is a required OSS update of our zlib library from version 1.2.13 (it has no CVEs) to the latest version, 1.3.1.

Regression

Yes
No

The 1.3.1 official release notes with the list of fixed bugs can be found here: https://github.com/madler/zlib/releases/tag/v1.3.1

Testing

Upstream unit testing in the official madler/zlib repo.
Our unit tests are also passing.

Risk

Very low.
Will merge the main PR first, then if no issues found on the next month, will merge this PR on Code Complete for the May Release (~mid April).

"implicit-int-conversion" warning The change to deflate.c is legal because 'len' has an upper bound of MAX_STORED, which means it fits cleanly into a 16-bit integer. So writing out 2x 8-bit values will not result in data loss. The change to trees.c is legal because within this loop, 'count' is intended to have an upper bound of 138, with the target assignment only executing if 'count' is bounded by 4. Neither the 'count' local in isolation nor the addition that's part of the target line is expected to result in integer overflow. But even if it did, that's a matter for a different warning code and doesn't impact the correctness of the narrowing cast being considered here. Author: Levi Broderick <levib@microsoft.com>

src/native/external/zlib-version.txt

carlossanlop · 2024-03-11T20:11:02Z

Approved by Tactics via email.

carlossanlop added 4 commits March 8, 2024 14:47

[7.0] Upgrade zlib to 1.3.1

8c95ada

Bring in patch to remove implicit narrowing conversions from zlib

b4cc250

Update cgmanifest.json and THIRD-PARTY-NOTICES.TXT

68d295c

carlossanlop added the area-System.IO.Compression label Mar 9, 2024

carlossanlop requested review from GrabYourPitchforks, ViktorHofer and ericstj March 9, 2024 01:53

carlossanlop self-assigned this Mar 9, 2024

build-analysis bot mentioned this pull request Mar 9, 2024

[wasm][7.0-staging] System.Runtime.Intrinsics, and System.Runtime tests with AOT timing out on windows #87482

Open

carlossanlop commented Mar 11, 2024

View reviewed changes

src/native/external/zlib-version.txt Outdated Show resolved Hide resolved

Bring back patches comment, remove unnecessary file removal comment.

657ca65

carlossanlop added the Servicing-consider Issue for next servicing release review label Mar 11, 2024

carlossanlop added this to the 8.0.x milestone Mar 11, 2024

carlossanlop added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Mar 11, 2024

carlossanlop added the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Mar 11, 2024

carlossanlop modified the milestones: 8.0.x, 7.0.19 Mar 11, 2024

carlossanlop removed the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Mar 19, 2024

GrabYourPitchforks approved these changes Mar 20, 2024

View reviewed changes

carlossanlop merged commit 970ecf6 into dotnet:release/7.0-staging Mar 20, 2024
173 of 179 checks passed

carlossanlop deleted the carlossanlop/runtime7-zlib-131 branch March 20, 2024 00:44

github-actions bot locked and limited conversation to collaborators Apr 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[release/7.0] Upgrade zlib to 1.3.1 #99474

[release/7.0] Upgrade zlib to 1.3.1 #99474

carlossanlop commented Mar 9, 2024 •

edited

carlossanlop commented Mar 11, 2024 •

edited

[release/7.0] Upgrade zlib to 1.3.1 #99474

[release/7.0] Upgrade zlib to 1.3.1 #99474

Conversation

carlossanlop commented Mar 9, 2024 • edited

Customer Impact

Regression

Testing

Risk

carlossanlop commented Mar 11, 2024 • edited

carlossanlop commented Mar 9, 2024 •

edited

carlossanlop commented Mar 11, 2024 •

edited