py-tensorflow-hub: zlib, again. (#33359)

var/spack/repos/builtin/packages/py-tensorflow-hub/0001-zlib-bump-over-CVE-use-fossils-url-which-is-more-sta.patch

@@ -0,0 +1,29 @@
+From e5a889202143ccc5a6d126197e86ee138307cbc4 Mon Sep 17 00:00:00 2001
+From: Harmen Stoppels <harmenstoppels@gmail.com>
+Date: Mon, 17 Oct 2022 09:52:27 +0200
+Subject: [PATCH] zlib: bump over CVE, use fossils url which is more stable
+
+---
+ WORKSPACE | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/WORKSPACE b/WORKSPACE
+index 495ed63..36d730b 100644
+--- a/WORKSPACE
++++ b/WORKSPACE
+@@ -29,9 +29,9 @@ git_repository(
+ http_archive(
+     name = "zlib",
+     build_file = "@com_google_protobuf//:third_party/zlib.BUILD",
+-    sha256 = "c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1",
+-    strip_prefix = "zlib-1.2.11",
+-    urls = ["https://zlib.net/zlib-1.2.11.tar.gz"],
++    sha256 = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30",
++    strip_prefix = "zlib-1.2.13",
++    urls = ["https://zlib.net/fossils/zlib-1.2.13.tar.gz"],
+ )
+ 
+ # Required by protobuf 3.8.0.
+-- 
+2.37.0
+

var/spack/repos/builtin/packages/py-tensorflow-hub/package.py

@@ -30,11 +30,8 @@ class PyTensorflowHub(Package):
     depends_on("py-numpy@1.12.0:", type=("build", "run"))
     depends_on("py-protobuf@3.8.0:", type=("build", "run"))
 
-    patch(
-        "https://github.com/tensorflow/hub/commit/049192a7edd3e80eebf1735b93f57c7965381bdb.patch?full_index=1",
-        sha256="c8b59d17511a8ebd2a58717723b9b77514a12b43bb2e6acec6d0c1062df6e457",
-        when="@:0.12",
-    )
+    # Deal with vendored zlib.
+    patch("0001-zlib-bump-over-CVE-use-fossils-url-which-is-more-sta.patch", when="@:0.12")
 
     def install(self, spec, prefix):
         tmp_path = tempfile.mkdtemp(prefix="spack")