Bump zlib to 1.2.13.

nluehr · nluehr · commit 7d876a9b549d · 2022-12-21T12:22:02.000-06:00
Due to security issue, zlib 1.2.12 is yanked, just like 1.2.11 was before. So builds not using TF mirror will break. See https://www.zlib.net and CVE-2022-37434.
diff --git a/tensorflow/workspace.bzl b/tensorflow/workspace.bzl
@@ -628,12 +628,12 @@ def tf_repositories(path_prefix = "", tf_repo_name = ""):
     tf_http_archive(
         name = "zlib_archive",
         build_file = clean_dep("//third_party:zlib.BUILD"),
-        sha256 = "c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1",
-        strip_prefix = "zlib-1.2.11",
+        sha256 = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30",
+        strip_prefix = "zlib-1.2.13",
         system_build_file = clean_dep("//third_party/systemlibs:zlib.BUILD"),
         urls = [
-            "https://storage.googleapis.com/mirror.tensorflow.org/zlib.net/zlib-1.2.11.tar.gz",
-            "https://zlib.net/zlib-1.2.11.tar.gz",
+            "https://storage.googleapis.com/mirror.tensorflow.org/zlib.net/zlib-1.2.13.tar.gz",
+            "https://zlib.net/fossils/zlib-1.2.13.tar.gz",
         ],
     )
 
diff --git a/third_party/png.BUILD b/third_party/png.BUILD
@@ -63,7 +63,7 @@ genrule(
     name = "snappy_stubs_public_h",
     srcs = ["scripts/pnglibconf.h.prebuilt"],
     outs = ["pnglibconf.h"],
-    cmd = "sed -e 's/PNG_ZLIB_VERNUM 0/PNG_ZLIB_VERNUM 0x12b0/' $< >$@",
+    cmd = "sed -e 's/PNG_ZLIB_VERNUM 0/PNG_ZLIB_VERNUM 0x12d0/' $< >$@",
 )
 
 config_setting(

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ genrule(`
`63`	`63`	`name = "snappy_stubs_public_h",`
`64`	`64`	`srcs = ["scripts/pnglibconf.h.prebuilt"],`
`65`	`65`	`outs = ["pnglibconf.h"],`
`66`		`- cmd = "sed -e 's/PNG_ZLIB_VERNUM 0/PNG_ZLIB_VERNUM 0x12b0/' $< >$@",`
	`66`	`+ cmd = "sed -e 's/PNG_ZLIB_VERNUM 0/PNG_ZLIB_VERNUM 0x12d0/' $< >$@",`
`67`	`67`	`)`
`68`	`68`
`69`	`69`	`config_setting(`