8295530: Update Zlib Data Compression Library to Version 1.2.13

[sxa]

Backporting zlib 1.2.13 from JDK17u due to https://nvd.nist.gov/vuln/detail/CVE-2022-37434 (9.8 CVSS score)
Tested on Windows which is generally the only platform I use which uses bundled zlib. This makes the zlib directory in the source identical to the one for JDK17u so should not cause any problems. I'll look at the feasibility of doing the same on JDK8 too.

Reviewed-by: alanb, jpai

---

Progress

• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13

Reviewers

• Paul Hohensee (@phohensee - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev pull/1788/head:pull/1788
$ git checkout pull/1788

Update a local copy of the PR:
$ git checkout pull/1788
$ git pull https://git.openjdk.org/jdk11u-dev pull/1788/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1788

View PR using the GUI difftool:
$ git pr show -t 1788

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/1788.diff

[bridgekeeper]

👋 Welcome back sxa! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[openjdk]

⚠️ @sxa the full name on your profile does not match the author name in this pull requests' HEAD commit. If this pull request gets integrated then the author name from this pull requests' HEAD commit will be used for the resulting commit. If you wish to push a new commit with a different author name, then please run the following commands in a local repository of your personal fork:

$ git checkout zlib1213
$ git commit --author='Preferred Full Name <you@example.com>' --allow-empty -m 'Update full name'
$ git push

[openjdk]

@sxa This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8295530: Update Zlib Data Compression Library to Version 1.2.13

Reviewed-by: phh

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 2 new commits pushed to the master branch:

• bd9c2fb: 8290197: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails on some systems for the ".rar" extension
• 15bdc4d: 8235448: code cleanup in SSLContextImpl.java

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@phohensee) but any other Committer may sponsor as well.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

[sxa]

/integrate

[mlbridge]

Webrevs

• 00: Full (d52763b2)

[openjdk]

@sxa
Your change (at version d52763b) is now ready to be sponsored by a Committer.

[phohensee]

What did your testing consist of?

[sxa]

@phohensee I've run through the tier1 tests on Windows (results here) plus verified with some of the compression related tests from the TCK.
Since this is likely to be relatively low risk and is already in 17 and we typically build without the in-tree zlib on other platforms I felt that was adequate. If you want me to run more exhaustive testing let me know.

[phohensee]

Thanks for the test details. Lgtm.

[phohensee]

Tagged the JBS issue.

[GoeLin]

@sxa, please only integrate if you have the fix-yes label on the JBS issue.

[sxa]

@GoeLin Do I need to re-trigger the integrate now that JDK-8295530 has jdk11u-fix-yes on it?

[phohensee]

/sponsor

Got approval.

[openjdk]

Going to push as commit 125cf5a.
Since your change was applied there have been 4 commits pushed to the master branch:

• de6d2c9: 8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
• 2405ca6: 8299520: TestPrintXML.java output error messages in case compare fails
• bd9c2fb: 8290197: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails on some systems for the ".rar" extension
• 15bdc4d: 8235448: code cleanup in SSLContextImpl.java

Your commit was automatically rebased without conflicts.

[openjdk]

@phohensee @sxa Pushed as commit 125cf5a.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

[jerboaa]

Do I need to re-trigger the integrate now that JDK-8295530 has jdk11u-fix-yes on it?

Stating the obvious: no. :) But next time please only issue /integrate after jdk11u-fix-yes is present.