diff --git a/CVE-2023-0437.patch b/CVE-2023-0437.patch
deleted file mode 100644
index a980dcc..0000000
--- a/CVE-2023-0437.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From be865dd759a28aa268232766f304d1bc11f1e8f7 Mon Sep 17 00:00:00 2001
-From: Kevin Albertson
-Date: Mon, 30 Oct 2023 18:01:30 +0000
-Subject: [PATCH] CDRIVER-4747 use `size_t` consistently in
- `bson_utf8_validate` (#1458)
-
-Origin: https://github.com/mongodb/mongo-c-driver/commit/be865dd759a28aa268232766f304d1bc11f1e8f7
-
----
- src/libbson/src/bson/bson-utf8.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/libbson/src/bson/bson-utf8.c b/src/libbson/src/bson/bson-utf8.c
-index e122ac31f7..1cebd27069 100644
---- a/src/libbson/src/bson/bson-utf8.c
-+++ b/src/libbson/src/bson/bson-utf8.c
-@@ -118,8 +118,8 @@ bson_utf8_validate (const char *utf8, /* IN */
- bson_unichar_t c;
- uint8_t first_mask;
- uint8_t seq_length;
-- unsigned i;
-- unsigned j;
-+ size_t i;
-+ size_t j;
-
- BSON_ASSERT (utf8);
-
diff --git a/mongo-c-driver-1.13.1.tar.gz b/mongo-c-driver-1.13.1.tar.gz
deleted file mode 100644
index 6d5d159..0000000
Binary files a/mongo-c-driver-1.13.1.tar.gz and /dev/null differ
diff --git a/mongo-c-driver-1.27.4.tar.gz b/mongo-c-driver-1.27.4.tar.gz
new file mode 100644
index 0000000..4668dcd
Binary files /dev/null and b/mongo-c-driver-1.27.4.tar.gz differ
diff --git a/mongo-c-driver.spec b/mongo-c-driver.spec
index a9a02a5..462bd4e 100644
--- a/mongo-c-driver.spec
+++ b/mongo-c-driver.spec
@@ -1,12 +1,11 @@ %global with_tests 0%{?_with_tests:1} Name: mongo-c-driver Summary: Client library written in C for MongoDB -Version: 1.13.1 -Release: 7 +Version: 1.27.4 +Release: 1 License: ASL 2.0 and ISC and MIT and zlib URL: https://github.com/mongodb/mongo-c-driver -Source0: https://github.com/mongodb/mongo-c-driver/releases/download/1.13.1/mongo-c-driver-1.13.1.tar.gz -Patch0: CVE-2023-0437.patch +Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz BuildRequires: cmake >= 3.1 openssl-devel pkgconfig(libsasl2) pkgconfig(zlib) gcc BuildRequires: pkgconfig(snappy) pkgconfig(icu-uc) perl-interpreter python3 python3-sphinx BuildRequires: chrpath @@ -74,6 +73,8 @@ chrpath -d %{buildroot}%{_bindir}/mongoc-stat mkdir -p %{buildroot}/etc/ld.so.conf.d echo "/home/abuild/rpmbuild/BUILD/mongo-c-driver-%{version}/src/libmongoc:/home/abuild/rpmbuild/BUILD/mongo-c-driver-%{version}/src/libbson" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf +rm -rf %{buildroot}%{_datadir}/%{name} + %post /sbin/ldconfig @@ -101,9 +102,11 @@ exit $ret %files devel %doc src/libmongoc/examples +%doc NEWS %{_includedir}/libmongoc-1.0 %{_libdir}/libmongoc-1.0.so %{_libdir}/pkgconfig/libmongoc-*.pc +%{_libdir}/cmake/mongoc-1.0 %{_libdir}/cmake/libmongoc-1.0 %files -n libbson 
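Review bot: Dropping `Patch0: CVE-2023-0437.patch` in the header hunk is not recorded anywhere visible on this page, so a later reader of the spec cannot tell whether the fix was superseded or lost. The removed patch backported upstream commit be865dd759a28aa268232766f304d1bc11f1e8f7 (`size_t i; size_t j;` in `bson_utf8_validate`), which should already be part of the 1.27.4 tarball; it is worth confirming that in `src/libbson/src/bson/bson-utf8.c` before merging. I would add a changelog line such as `- Drop CVE-2023-0437.patch, fixed upstream` to the new 1.27.4-1 entry.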
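Review bot: The `echo ... > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf` line directly above the added `rm -rf` installs a loader drop-in on every target system that names `/home/abuild/rpmbuild/BUILD/mongo-c-driver-%{version}/src/libmongoc` and the matching libbson directory. These are build-host paths under /home, and with this update they change along with `%{version}`. The shared objects appear to be packaged under `%{_libdir}`, so the entry looks unnecessary. A system-wide library search path that the package does not own is an untrusted-search-path risk (CWE-426) if that directory can ever be created by a non-root account. I would remove the `mkdir -p`/`echo` pair together with its `%files` entry, or write `%{_libdir}` into the drop-in if one is really required. The `%files` entry and the rest of `%install` are outside this hunk, so that part is inferred.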
@@ -111,17 +114,45 @@ exit $ret %files -n libbson-devel %doc src/libbson/examples +%doc src/libbson/NEWS %{_includedir}/libbson-1.0 %{_libdir}/libbson*.so %{_libdir}/cmake/libbson-1.0 +%{_libdir}/cmake/bson-1.0 %{_libdir}/pkgconfig/libbson-*.pc %files help %{_mandir}/man3/* -%doc src/libbson/NEWS -%doc NEWS %changelog +* Thu Jul 11 2024 yaoxin - 1.27.4-1 +- Update to 1.27.4 for fix CVE-2024-6381 and CVE-2024-6383 +- libbson Fixes: + * Fix build with Visual Studio 2013. + * Fix parsing of colon in timezone. + * Error on failure to init subdocument in bson_iter_visit_all. + * Fix string handling in bson_string_new and bson_string_append. + * Fix iteration in bson_strfreev. + * Use aligned alloc for bson_array_builder_t + * Restore support for Sphinx 1.7.6 for man page build. + * Fix conversion warning with GCC 12. + * Fixes to some format strings in trace logs. + * Allow mongoc_buffer_t to be larger than INT_MAX. + * Add bson_array_builder_t. +- libmongoc Fixes: + * Fix possible crash reading malformed wire protocol message. + * Upgraded bundled Zlib from 1.2.3 to 1.3.1 + * Close leftover connections to removed servers. + * Fix possible crash when client is configured with empty password. + * Fix possible hang if mongoc_gridfs_file_readv is called with a corrupt chunk with incomplete data. + * Fix 32-bit compile with 64-bit time_t + * Restore support for Sphinx 1.7.6 for man page build. + * Disable shared libmongoc targets if ENABLE_SHARED=OFF + * Fix documentation build with Python 3.9. + * Fix data race in mongoc_cursor_get_host. + * Add back support for BUILD_VERSION CMake option. BUILD_VERSION was unintentionally removed in 1.25.0. + * Send recoveryToken in transactions when connected to a load balancer. + * Tue Jan 16 2024 wangkai <13474090681@163.com> - 1.13.1-7 - Fix CVE-2023-0437