From 9933a9046a659a82b4bbed175ec45eafeff6d788 Mon Sep 17 00:00:00 2001
From: Harmen Stoppels <harmenstoppels@gmail.com>
Date: Mon, 17 Oct 2022 12:39:16 +0200
Subject: py-tensorflow-hub: zlib, again. (#33359)

---
 ...ver-CVE-use-fossils-url-which-is-more-sta.patch | 29 ++++++++++++++++++++++
 .../builtin/packages/py-tensorflow-hub/package.py  |  7 ++----
 2 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 var/spack/repos/builtin/packages/py-tensorflow-hub/0001-zlib-bump-over-CVE-use-fossils-url-which-is-more-sta.patch

(limited to 'var')

diff --git a/var/spack/repos/builtin/packages/py-tensorflow-hub/0001-zlib-bump-over-CVE-use-fossils-url-which-is-more-sta.patch b/var/spack/repos/builtin/packages/py-tensorflow-hub/0001-zlib-bump-over-CVE-use-fossils-url-which-is-more-sta.patch
new file mode 100644
index 0000000000..c552390eaa
--- /dev/null
+++ b/var/spack/repos/builtin/packages/py-tensorflow-hub/0001-zlib-bump-over-CVE-use-fossils-url-which-is-more-sta.patch
@@ -0,0 +1,29 @@
+From e5a889202143ccc5a6d126197e86ee138307cbc4 Mon Sep 17 00:00:00 2001
+From: Harmen Stoppels <harmenstoppels@gmail.com>
+Date: Mon, 17 Oct 2022 09:52:27 +0200
+Subject: [PATCH] zlib: bump over CVE, use fossils url which is more stable
+
+---
+ WORKSPACE | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/WORKSPACE b/WORKSPACE
+index 495ed63..36d730b 100644
+--- a/WORKSPACE
++++ b/WORKSPACE
+@@ -29,9 +29,9 @@ git_repository(
+ http_archive(
+     name = "zlib",
+     build_file = "@com_google_protobuf//:third_party/zlib.BUILD",
+-    sha256 = "c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1",
+-    strip_prefix = "zlib-1.2.11",
+-    urls = ["https://zlib.net/zlib-1.2.11.tar.gz"],
++    sha256 = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30",
++    strip_prefix = "zlib-1.2.13",
++    urls = ["https://zlib.net/fossils/zlib-1.2.13.tar.gz"],
+ )
+ 
+ # Required by protobuf 3.8.0.
+-- 
+2.37.0
+
diff --git a/var/spack/repos/builtin/packages/py-tensorflow-hub/package.py b/var/spack/repos/builtin/packages/py-tensorflow-hub/package.py
index 2ec9bc6519..58cf70414c 100644
--- a/var/spack/repos/builtin/packages/py-tensorflow-hub/package.py
+++ b/var/spack/repos/builtin/packages/py-tensorflow-hub/package.py
@@ -30,11 +30,8 @@ class PyTensorflowHub(Package):
     depends_on("py-numpy@1.12.0:", type=("build", "run"))
     depends_on("py-protobuf@3.8.0:", type=("build", "run"))
 
-    patch(
-        "https://github.com/tensorflow/hub/commit/049192a7edd3e80eebf1735b93f57c7965381bdb.patch?full_index=1",
-        sha256="c8b59d17511a8ebd2a58717723b9b77514a12b43bb2e6acec6d0c1062df6e457",
-        when="@:0.12",
-    )
+    # Deal with vendored zlib.
+    patch("0001-zlib-bump-over-CVE-use-fossils-url-which-is-more-sta.patch", when="@:0.12")
 
     def install(self, spec, prefix):
         tmp_path = tempfile.mkdtemp(prefix="spack")
-- 
cgit v1.2.3-60-g2f50