diff --git a/CVE-2023-0437.patch b/CVE-2023-0437.patch
deleted file mode 100644
index a980dcc..0000000
--- a/CVE-2023-0437.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From be865dd759a28aa268232766f304d1bc11f1e8f7 Mon Sep 17 00:00:00 2001
-From: Kevin Albertson
-Date: Mon, 30 Oct 2023 18:01:30 +0000
-Subject: [PATCH] CDRIVER-4747 use `size_t` consistently in
- `bson_utf8_validate` (#1458)
-
-Origin: https://github.com/mongodb/mongo-c-driver/commit/be865dd759a28aa268232766f304d1bc11f1e8f7
-
----
- src/libbson/src/bson/bson-utf8.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/libbson/src/bson/bson-utf8.c b/src/libbson/src/bson/bson-utf8.c
-index e122ac31f7..1cebd27069 100644
---- a/src/libbson/src/bson/bson-utf8.c
-+++ b/src/libbson/src/bson/bson-utf8.c
-@@ -118,8 +118,8 @@ bson_utf8_validate (const char *utf8, /* IN */
- bson_unichar_t c;
- uint8_t first_mask;
- uint8_t seq_length;
-- unsigned i;
-- unsigned j;
-+ size_t i;
-+ size_t j;
-
- BSON_ASSERT (utf8);
-
diff --git a/mongo-c-driver-1.24.4.tar.gz b/mongo-c-driver-1.24.4.tar.gz
deleted file mode 100644
index 9846474..0000000
Binary files a/mongo-c-driver-1.24.4.tar.gz and /dev/null differ
diff --git a/mongo-c-driver-1.27.4.tar.gz b/mongo-c-driver-1.27.4.tar.gz
new file mode 100644
index 0000000..4668dcd
Binary files /dev/null and b/mongo-c-driver-1.27.4.tar.gz differ
diff --git a/mongo-c-driver.spec b/mongo-c-driver.spec
index cc42f9f..f47f150 100644
--- a/mongo-c-driver.spec
+++ b/mongo-c-driver.spec
@@ -1,12 +1,11 @@ %global with_tests 0%{?_with_tests:1} Name: mongo-c-driver Summary: Client library written in C for MongoDB -Version: 1.24.4 -Release: 2 +Version: 1.27.4 +Release: 1 License: ASL 2.0 and ISC and MIT and zlib URL: https://github.com/mongodb/mongo-c-driver -Source0: https://github.com/mongodb/mongo-c-driver/releases/download/1.24.4/mongo-c-driver-1.24.4.tar.gz -Patch0: CVE-2023-0437.patch +Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz BuildRequires: cmake >= 3.1 openssl-devel pkgconfig(libsasl2) pkgconfig(zlib) gcc BuildRequires: pkgconfig(snappy) pkgconfig(icu-uc) perl-interpreter python3 python3-sphinx BuildRequires: chrpath @@ -103,6 +102,7 @@ exit $ret %files devel %doc src/libmongoc/examples +%doc NEWS %{_includedir}/libmongoc-1.0 %{_libdir}/libmongoc-1.0.so %{_libdir}/pkgconfig/libmongoc-*.pc @@ -114,6 +114,7 @@ exit $ret %files -n libbson-devel %doc src/libbson/examples +%doc src/libbson/NEWS %{_includedir}/libbson-1.0 %{_libdir}/libbson*.so %{_libdir}/cmake/libbson-1.0 
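Review bot: `Patch0: CVE-2023-0437.patch` is dropped in the first hunk of mongo-c-driver.spec, but nothing in the commit records that the 1.27.4 tarball already contains the change it backported (`size_t i;` / `size_t j;` in `bson_utf8_validate`, upstream commit be865dd759a28aa268232766f304d1bc11f1e8f7). The patch has an upstream origin, so the fix is presumably included, but that is inferred rather than shown here. I would add a changelog line such as `- Drop CVE-2023-0437.patch, fixed upstream` so a later audit does not read the removal as a regression. The new `Source0` tarball is also committed as a binary with no checksum or signature visible in this diff, so it should be compared against the upstream release artifact before merge.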
@@ -122,10 +123,36 @@ exit $ret %files help %{_mandir}/man3/* -%doc src/libbson/NEWS -%doc NEWS %changelog +* Thu Jul 11 2024 yaoxin - 1.27.4-1 +- Update to 1.27.4 for fix CVE-2024-6381 and CVE-2024-6383 +- libbson Fixes: + * Fix build with Visual Studio 2013. + * Fix parsing of colon in timezone. + * Error on failure to init subdocument in bson_iter_visit_all. + * Fix string handling in bson_string_new and bson_string_append. + * Fix iteration in bson_strfreev. + * Use aligned alloc for bson_array_builder_t + * Restore support for Sphinx 1.7.6 for man page build. + * Fix conversion warning with GCC 12. + * Fixes to some format strings in trace logs. + * Allow mongoc_buffer_t to be larger than INT_MAX. + * Add bson_array_builder_t. +- libmongoc Fixes: + * Fix possible crash reading malformed wire protocol message. + * Upgraded bundled Zlib from 1.2.3 to 1.3.1 + * Close leftover connections to removed servers. + * Fix possible crash when client is configured with empty password. + * Fix possible hang if mongoc_gridfs_file_readv is called with a corrupt chunk with incomplete data. + * Fix 32-bit compile with 64-bit time_t + * Restore support for Sphinx 1.7.6 for man page build. + * Disable shared libmongoc targets if ENABLE_SHARED=OFF + * Fix documentation build with Python 3.9. + * Fix data race in mongoc_cursor_get_host. + * Add back support for BUILD_VERSION CMake option. BUILD_VERSION was unintentionally removed in 1.25.0. + * Send recoveryToken in transactions when connected to a load balancer. + * Tue Jan 16 2024 wangkai <13474090681@163.com> - 1.24.4-2 - Fix CVE-2023-0437