diff --git a/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch b/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9e56c65afa811e8c7ea769928cec9375112fb84d
--- /dev/null
+++ b/0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
@@ -0,0 +1,27 @@
+From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Mon, 28 Mar 2022 18:34:10 -0700
+Subject: [PATCH] Fix configure issue that discarded provided CC definition.
+
+---
+ configure | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/configure b/configure
+index 52ff4a0..3fa3e86 100755
+--- a/configure
++++ b/configure
+@@ -174,7 +174,10 @@ if test -z "$CC"; then
+   else
+     cc=${CROSS_PREFIX}cc
+   fi
++else
++  cc=${CC}
+ fi
++
+ cflags=${CFLAGS-"-O3"}
+ # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
+ case "$cc" in
+-- 
+2.19.1.6.gb485710b
+
diff --git a/0002-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch b/0002-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d243528ce68234b178be135e1ff6a2909b657b91
--- /dev/null
+++ b/0002-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch
@@ -0,0 +1,54 @@
+From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Wed, 30 Mar 2022 11:14:53 -0700
+Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
+
+The previous releases of zlib were not sensitive to incorrect CRC
+inputs with bits set above the low 32. This commit restores that
+behavior, so that applications with such bugs will continue to
+operate as before.
+---
+ crc32.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/crc32.c b/crc32.c
+index a1bdce5..451887b 100644
+--- a/crc32.c
++++ b/crc32.c
+@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
+ #endif /* DYNAMIC_CRC_TABLE */
+ 
+     /* Pre-condition the CRC */
+-    crc ^= 0xffffffff;
++    crc = (~crc) & 0xffffffff;
+ 
+     /* Compute the CRC up to a word boundary. */
+     while (len && ((z_size_t)buf & 7) != 0) {
+@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
+ #endif /* DYNAMIC_CRC_TABLE */
+ 
+     /* Pre-condition the CRC */
+-    crc ^= 0xffffffff;
++    crc = (~crc) & 0xffffffff;
+ 
+ #ifdef W
+ 
+@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
+ #ifdef DYNAMIC_CRC_TABLE
+     once(&made, make_crc_table);
+ #endif /* DYNAMIC_CRC_TABLE */
+-    return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
++    return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
+ }
+ 
+ /* ========================================================================= */
+@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
+     uLong crc2;
+     uLong op;
+ {
+-    return multmodp(op, crc1) ^ crc2;
++    return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
+ }
+-- 
+2.19.1.6.gb485710b
+
diff --git a/0003-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/0003-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
new file mode 100644
index 0000000000000000000000000000000000000000..26616b3e6e4b24751f69441cc66a48796a0eb446
--- /dev/null
+++ b/0003-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
@@ -0,0 +1,35 @@
+From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
+From: Mark Adler <fork@madler.net>
+Date: Sat, 30 Jul 2022 15:51:11 -0700
+Subject: [PATCH] Fix a bug when getting a gzip header extra field with
+ inflate().
+
+If the extra field was larger than the space the user provided with
+inflateGetHeader(), and if multiple calls of inflate() delivered
+the extra header data, then there could be a buffer overflow of the
+provided space. This commit assures that provided space is not
+exceeded.
+---
+ inflate.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/inflate.c b/inflate.c
+index 7be8c63..7a72897 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -763,9 +763,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
++                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
++                        state->head->extra != Z_NULL &&
++                        len < state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
+-- 
+2.19.1.6.gb485710b
+
diff --git a/0004-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/0004-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e7d1b560de86ed4b5aa64ba4246b5cacd299a477
--- /dev/null
+++ b/0004-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
@@ -0,0 +1,32 @@
+From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
+From: Mark Adler <fork@madler.net>
+Date: Mon, 8 Aug 2022 10:50:09 -0700
+Subject: [PATCH] Fix extra field processing bug that dereferences NULL
+ state->head.
+
+The recent commit to fix a gzip header extra field processing bug
+introduced the new bug fixed here.
+---
+ inflate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/inflate.c b/inflate.c
+index 7a72897..2a3c4fe 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -763,10 +763,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
+-                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+                         state->head->extra != Z_NULL &&
+-                        len < state->head->extra_max) {
++                        (len = state->head->extra_len - state->length) <
++                            state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
+-- 
+2.19.1.6.gb485710b
+
diff --git a/zlib-1.2.11.tar.xz b/zlib-1.2.11.tar.xz
deleted file mode 100644
index 305b7a058f2b18b5ff15b0c5258ab7d489c21973..0000000000000000000000000000000000000000
Binary files a/zlib-1.2.11.tar.xz and /dev/null differ
diff --git a/zlib-1.2.12.tar.xz b/zlib-1.2.12.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..f7b33e79d92d68f9686975bcd424acda5e0cef87
Binary files /dev/null and b/zlib-1.2.12.tar.xz differ
diff --git a/zlib.spec b/zlib.spec
index e3bababeb80a017f75b6b44937f5016b68bd75a8..28f29ec7efddb575a7dcaea0af6eb76aaeb6b0d4 100644
--- a/zlib.spec
+++ b/zlib.spec
@@ -1,14 +1,20 @@
+%define anolis_release 1
 Name:           zlib
-Version:        1.2.11
-Release:        1%{?dist}
+Version:        1.2.12
+Release:        %{anolis_release}%{?dist}
 Summary:        Compression and decompression library
 
 License:        zlib and Boost
 URL:            https://www.zlib.net/
 Source0:        https://zlib.net/zlib-%{version}.tar.xz
+# patches from upstream
+Patch1:         0001-Fix-configure-issue-that-discarded-provided-CC-defin.patch
+Patch2:         0002-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch
+# CVE-2022-37434
+Patch3:         0003-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
+Patch4:         0004-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
 
 BuildRequires:  make automake autoconf libtool 
-Requires:       glibc
 
 %description
 Zlib is a general-purpose, patent-free, lossless data compression
@@ -16,7 +22,7 @@ library which is used by many different programs.
 
 %package devel
 Summary: Header files and libraries for Zlib development
-Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: %{name} = %{version}-%{release}
  
 %description devel
 The zlib-devel package contains the header files and libraries needed
@@ -25,7 +31,7 @@ library.
  
 %package static
 Summary: Static libraries for Zlib development
-Requires: %{name}-devel%{?_isa} = %{version}-%{release}
+Requires: %{name}-devel = %{version}-%{release}
  
 %description static
 The zlib-static package includes static libraries needed
@@ -34,15 +40,15 @@ decompression library.
  
 %package -n minizip-compat
 Summary: Library for manipulation with .zip archives
-Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: %{name} = %{version}-%{release}
  
 %description -n minizip-compat
 Minizip is a library for manipulation with files from .zip archives.
  
 %package -n minizip-compat-devel
 Summary: Development files for the minizip library
-Requires: minizip-compat%{?_isa} = %{version}-%{release}
-Requires: %{name}-devel%{?_isa} = %{version}-%{release}
+Requires: minizip-compat = %{version}-%{release}
+Requires: %{name}-devel = %{version}-%{release}
 Conflicts: minizip-devel
  
 %description -n minizip-compat-devel
@@ -50,7 +56,7 @@ This package contains the libraries and header files needed for
 developing applications which use minizip.
 
 %prep
-%autosetup
+%autosetup -p1
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS"
@@ -103,5 +109,8 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
 
 
 %changelog
+* Tue Aug 30 2022 Chunmei Xu <xuchunmei@linux.alibaba.com> - 1.2.12-1
+- update to 1.2.12
+
 * Mon Mar  7 2022 forrest_ly <flin@linux.alibaba.com> - 1.2.11-1 
 - Init Anolis OS 23