From 4cf5a9edafdbd7afcbebede9abc85fb2152339f7 Mon Sep 17 00:00:00 2001
From: Andrea Fassina <fasenderos@gmail.com>
Date: Thu, 18 May 2023 00:36:45 +0200
Subject: [PATCH] tools: use latest upstream commit for zlib updates

Zlib rarely gets new tags or releases, so now we use the latest commit
on the upstream default branch to check if an update is available.

Refs: https://github.com/nodejs/security-wg/issues/973
PR-URL: https://github.com/nodejs/node/pull/48054
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
---
 tools/dep_updaters/update-zlib.sh | 35 +++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/tools/dep_updaters/update-zlib.sh b/tools/dep_updaters/update-zlib.sh
index 1ab07f6a8064ed..3902e9221264b0 100755
--- a/tools/dep_updaters/update-zlib.sh
+++ b/tools/dep_updaters/update-zlib.sh
@@ -1,23 +1,46 @@
 #!/bin/sh
 set -e
-# Shell script to update zlib in the source tree to a specific version
+# Shell script to update zlib in the source tree to the most recent version.
+# Zlib rarely creates tags or releases, so we use the latest commit on the main branch.
+# See: https://github.com/nodejs/node/pull/47417
 
 BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd)
 DEPS_DIR="$BASE_DIR/deps"
 
-CURRENT_VERSION=$(grep "#define ZLIB_VERSION" "$DEPS_DIR/zlib/zlib.h" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p")
+echo "Comparing latest upstream with current revision"
 
-NEW_VERSION_ZLIB_H=$(curl -s "https://chromium.googlesource.com/chromium/src/+/refs/heads/main/third_party/zlib/zlib.h?format=TEXT" | base64 --decode)
+git fetch https://chromium.googlesource.com/chromium/src/third_party/zlib.git HEAD
 
-NEW_VERSION=$(printf '%s' "$NEW_VERSION_ZLIB_H" | grep "#define ZLIB_VERSION" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p")
+# Revert zconf.h changes before checking diff 
+perl -i -pe 's|^//#include "chromeconf.h"|#include "chromeconf.h"|' "$DEPS_DIR/zlib/zconf.h"
+git stash -- "$DEPS_DIR/zlib/zconf.h"
 
-echo "Comparing $NEW_VERSION with $CURRENT_VERSION"
+DIFF_TREE=$(git diff --diff-filter=d 'stash@{0}:deps/zlib' FETCH_HEAD)
 
-if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then
+git stash drop
+
+if [ -z "$DIFF_TREE" ]; then
   echo "Skipped because zlib is on the latest version."
   exit 0
 fi
 
+# This is a rather arbitrary restriction. This script is assumed to run on
+# Sunday, shortly after midnight UTC. This check thus prevents pulling in the
+# most recent commits if any changes were made on Friday or Saturday (UTC).
+# We don't want to pull in a commit that was just pushed, and instead rather
+# wait for the next week's update. If no commits have been pushed in the last
+# two days, we assume that the most recent commit is stable enough to be
+# pulled in.
+LAST_CHANGE_DATE=$(git log -1 --format=%ct FETCH_HEAD)
+TWO_DAYS_AGO=$(date -d 'now - 2 days' '+%s')
+
+if [ "$LAST_CHANGE_DATE" -gt "$TWO_DAYS_AGO" ]; then
+  echo "Skipped because the latest version is too recent."
+  exit 0
+fi
+
+NEW_VERSION=$(git rev-parse --short=7 FETCH_HEAD)
+
 echo "Making temporary workspace..."
 
 WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp')