From c2c93abd18c37f438006cded8124ff0a32a0e4a7 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Mon, 28 Mar 2022 00:03:35 -0400
Subject: gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://seclists.org/oss-sec/2022/q1/191

* gnu/packages/compression.scm (zlib)[replacement]: New field.
(zlib-1.2.12): New variable.
---
 gnu/packages/compression.scm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 82b93e23b2..223283eeb4 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -103,6 +103,7 @@
 (define-public zlib
   (package
     (name "zlib")
+    (replacement zlib-1.2.12)
     (version "1.2.11")
     (source
      (origin
@@ -164,6 +165,21 @@ independent of the input data and can be reduced, if necessary, at some cost
 in compression.")
     (license license:zlib)))
 
+(define-public zlib-1.2.12
+  (package
+    (inherit zlib)
+    (version "1.2.12")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (list (string-append "http://zlib.net/zlib-"
+                                 version ".tar.gz")
+                 (string-append "mirror://sourceforge/libpng/zlib/"
+                                version "/zlib-" version ".tar.gz")))
+      (sha256
+       (base32
+        "1n9na4fq4wagw1nzsfjr6wyly960jfa94460ncbf6p1fac44i14i"))))))
+
 (define-public minizip
   (package
     (name "minizip")
-- 
cgit v1.2.3