!23 [sync] PR-22: Update to 1.27.4 for fix CVE-2024-6381 and CVE-2024-6383

From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge

CVE-2023-0437.patch

@@ -1,27 +0,0 @@
-From be865dd759a28aa268232766f304d1bc11f1e8f7 Mon Sep 17 00:00:00 2001
-From: Kevin Albertson <kevin.albertson@mongodb.com>
-Date: Mon, 30 Oct 2023 18:01:30 +0000
-Subject: [PATCH] CDRIVER-4747 use `size_t` consistently in
- `bson_utf8_validate` (#1458)
-
-Origin: https://github.com/mongodb/mongo-c-driver/commit/be865dd759a28aa268232766f304d1bc11f1e8f7
-
----
- src/libbson/src/bson/bson-utf8.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/libbson/src/bson/bson-utf8.c b/src/libbson/src/bson/bson-utf8.c
-index e122ac31f7..1cebd27069 100644
---- a/src/libbson/src/bson/bson-utf8.c
-+++ b/src/libbson/src/bson/bson-utf8.c
-@@ -118,8 +118,8 @@ bson_utf8_validate (const char *utf8, /* IN */
-    bson_unichar_t c;
-    uint8_t first_mask;
-    uint8_t seq_length;
--   unsigned i;
--   unsigned j;
-+   size_t i;
-+   size_t j;
- 
-    BSON_ASSERT (utf8);
- 

mongo-c-driver.spec

@@ -1,12 +1,11 @@
 %global with_tests   0%{?_with_tests:1}
 Name:          mongo-c-driver
 Summary:       Client library written in C for MongoDB
-Version:       1.24.4
-Release:       2
+Version:       1.27.4
+Release:       1
 License:       ASL 2.0 and ISC and MIT and zlib
 URL:           https://github.com/mongodb/mongo-c-driver
-Source0:       https://github.com/mongodb/mongo-c-driver/releases/download/1.24.4/mongo-c-driver-1.24.4.tar.gz
-Patch0:        CVE-2023-0437.patch
+Source0:       %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz
 BuildRequires: cmake >= 3.1 openssl-devel pkgconfig(libsasl2) pkgconfig(zlib) gcc
 BuildRequires: pkgconfig(snappy) pkgconfig(icu-uc) perl-interpreter python3 python3-sphinx
 BuildRequires: chrpath
@@ -103,6 +102,7 @@ exit $ret
 
 %files devel
 %doc src/libmongoc/examples
+%doc NEWS
 %{_includedir}/libmongoc-1.0
 %{_libdir}/libmongoc-1.0.so
 %{_libdir}/pkgconfig/libmongoc-*.pc
@@ -114,6 +114,7 @@ exit $ret
 
 %files -n libbson-devel
 %doc src/libbson/examples
+%doc src/libbson/NEWS
 %{_includedir}/libbson-1.0
 %{_libdir}/libbson*.so
 %{_libdir}/cmake/libbson-1.0
@@ -122,10 +123,36 @@ exit $ret
 
 %files help
 %{_mandir}/man3/*
-%doc src/libbson/NEWS
-%doc NEWS
 
 %changelog
+* Thu Jul 11 2024 yaoxin <yao_xin001@hoperun.com> - 1.27.4-1
+- Update to 1.27.4 for fix CVE-2024-6381 and CVE-2024-6383
+- libbson Fixes:
+  * Fix build with Visual Studio 2013.
+  * Fix parsing of colon in timezone.
+  * Error on failure to init subdocument in bson_iter_visit_all.
+  * Fix string handling in bson_string_new and bson_string_append.
+  * Fix iteration in bson_strfreev.
+  * Use aligned alloc for bson_array_builder_t
+  * Restore support for Sphinx 1.7.6 for man page build.
+  * Fix conversion warning with GCC 12.
+  * Fixes to some format strings in trace logs.
+  * Allow mongoc_buffer_t to be larger than INT_MAX.
+  * Add bson_array_builder_t.
+- libmongoc Fixes:
+  * Fix possible crash reading malformed wire protocol message.
+  * Upgraded bundled Zlib from 1.2.3 to 1.3.1
+  * Close leftover connections to removed servers.
+  * Fix possible crash when client is configured with empty password.
+  * Fix possible hang if mongoc_gridfs_file_readv is called with a corrupt chunk with incomplete data.
+  * Fix 32-bit compile with 64-bit time_t
+  * Restore support for Sphinx 1.7.6 for man page build.
+  * Disable shared libmongoc targets if ENABLE_SHARED=OFF
+  * Fix documentation build with Python 3.9.
+  * Fix data race in mongoc_cursor_get_host.
+  * Add back support for BUILD_VERSION CMake option. BUILD_VERSION was unintentionally removed in 1.25.0.
+  * Send recoveryToken in transactions when connected to a load balancer.
+
 * Tue Jan 16 2024 wangkai <13474090681@163.com> - 1.24.4-2
 - Fix CVE-2023-0437