processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/

make-binaries: Bump zlib to 1.2.13 #3945

Closed nosnilmot closed 1 year ago

nosnilmot commented 1 year ago

Update zlib to 1.2.13 to address CVE-2022-37434

Also change zlib download to use archive URL so builds do not fail when specified version is no longer the current version, and therefore no longer available to download at default location.

And reduce log output:

coveralls commented 1 year ago


Coverage decreased (-0.002%) to 33.426% when pulling ed678f58d35a71ca693e4744961ede306524d029 on nosnilmot:bump-zlib into a1cfae8c981e8e957eb79bfda94cc45ccf35b316 on processone:master.

weiss commented 1 year ago

Thanks.

You're editing the crosstool-NG configuration to update their zlib version as well. Is that necessary to make the build succeed? Otherwise I'd suggest omitting that change (the toolchain's zlib isn't actually used by the resulting binaries).

nosnilmot commented 1 year ago

> You're editing the crosstool-NG configuration to update their zlib version as well. Is that necessary to make the build succeed? Otherwise I'd suggest omitting that change (the toolchain's zlib isn't actually used by the resulting binaries).

Yes, it is necessary, otherwise crosstool-ng also fails to download zlib-1.2.12 because it's also looking for it at https://zlib.net/zlib-1.2.12.tar.xz (https://github.com/crosstool-ng/crosstool-ng/issues/1832). I could omit the CT_ZLIB_VERSION change and just update CT_ZLIB_MIRRORS to get 1.2.12 from the archives (fossils), but if making changes in that area we might as well use the version that does not have a vulnerability :)
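The download change discussed in this thread, shown as an added example that is not ejabberd's own make-binaries code: fetch the pinned zlib release from the stable archive location and refuse to proceed unless the tarball's SHA-256 matches a digest recorded beside the version. The fossils URL layout and the `ZLIB_SHA256` placeholder are assumptions; replace the placeholder with the checksum published for the release.

```shell
#!/bin/sh
# Added example, not ejabberd's make-binaries script. Pins a zlib version,
# fetches it from the archive path that stays valid after a newer release,
# and verifies the download against a recorded digest before it is used.
# Assumption: archive layout https://zlib.net/fossils/zlib-<ver>.tar.gz
set -eu

ZLIB_VERSION="1.2.13"
# PLACEHOLDER digest: fill in the checksum published for the pinned release.
ZLIB_SHA256="0000000000000000000000000000000000000000000000000000000000000000"

# Stable archive URL: unlike https://zlib.net/zlib-<ver>.tar.xz, this path
# keeps resolving after <ver> stops being the current release.
zlib_archive_url() {
    printf 'https://zlib.net/fossils/zlib-%s.tar.gz\n' "$1"
}

# SHA-256 of a file, portable across GNU coreutils and BSD/macOS userlands.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Returns 0 when the file matches the pinned digest, 1 otherwise.
verify_sha256() {
    file="$1"; expected="$2"
    actual="$(sha256_of "$file")"
    [ "$actual" = "$expected" ]
}

# Download the pinned tarball and verify it. A mismatch deletes the file so
# a later build step cannot pick up an unverified archive by accident.
fetch_zlib() {
    version="$1"; expected="$2"; out="zlib-${version}.tar.gz"
    curl -fsSL -o "$out" "$(zlib_archive_url "$version")"
    if verify_sha256 "$out" "$expected"; then
        echo "verified $out"
    else
        rm -f "$out"
        echo "checksum mismatch for $out, refusing to build" >&2
        return 1
    fi
}

# Only download when explicitly asked, so the functions can also be sourced.
if [ "${ZLIB_FETCH_ON_LOAD:-0}" = "1" ]; then
    fetch_zlib "$ZLIB_VERSION" "$ZLIB_SHA256"
fi
```

Run with `ZLIB_FETCH_ON_LOAD=1 sh fetch-zlib.sh` once the digest is filled in.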

weiss commented 1 year ago

Ok, thanks 👍🏻