Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/7.0] Upgrade zlib to 1.3.1 #99474

Conversation

carlossanlop
Copy link
Member

@carlossanlop carlossanlop commented Mar 9, 2024

Backport of #99472

Customer Impact

This is a required OSS update of our zlib library from version 1.2.13 (it has no CVEs) to the latest version, 1.3.1.

Regression

  • Yes
  • No

The 1.3.1 official release notes with the list of fixed bugs can be found here: https://github.com/madler/zlib/releases/tag/v1.3.1

Testing

Upstream unit testing in the official madler/zlib repo.
Our unit tests are also passing.

Risk

Very low.
Will merge the main PR first, then if no issues found on the next month, will merge this PR on Code Complete for the May Release (~mid April).

 "implicit-int-conversion" warning

The change to deflate.c is legal because 'len' has an upper bound of
MAX_STORED, which means it fits cleanly into a 16-bit integer. So
writing out 2x 8-bit values will not result in data loss.

The change to trees.c is legal because within this loop, 'count' is
intended to have an upper bound of 138, with the target assignment
only executing if 'count' is bounded by 4. Neither the 'count' local
in isolation nor the addition that's part of the target line is
expected to result in integer overflow. But even if it did, that's a
matter for a different warning code and doesn't impact the correctness
of the narrowing cast being considered here.

Author: Levi Broderick <levib@microsoft.com>
@carlossanlop carlossanlop added the Servicing-consider Issue for next servicing release review label Mar 11, 2024
@carlossanlop carlossanlop added this to the 8.0.x milestone Mar 11, 2024
@carlossanlop carlossanlop added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Mar 11, 2024
@carlossanlop
Copy link
Member Author

carlossanlop commented Mar 11, 2024

Approved by Tactics via email.

@carlossanlop carlossanlop added the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Mar 11, 2024
@carlossanlop carlossanlop modified the milestones: 8.0.x, 7.0.19 Mar 11, 2024
@carlossanlop carlossanlop removed the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Mar 19, 2024
@carlossanlop carlossanlop merged commit 970ecf6 into dotnet:release/7.0-staging Mar 20, 2024
173 of 179 checks passed
@carlossanlop carlossanlop deleted the carlossanlop/runtime7-zlib-131 branch March 20, 2024 00:44
@github-actions github-actions bot locked and limited conversation to collaborators Apr 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants