From b31c7cb513c3373fb2f63c31db3693d2522265b6b92dd949e1ad4b3c9b868746 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 7 May 2024 07:32:10 +0000 Subject: [PATCH] =?UTF-8?q?-=20update=20to=204.6.3=20(bsc#1222492,=20CVE-2?= =?UTF-8?q?024-21506):=20=20=20*=20Fixed=20a=20potential=20memory=20access?= =?UTF-8?q?=20violation=20when=20decoding=20invalid=20=20=20=20=20bson.=20?= =?UTF-8?q?-=20update=20to=204.6.2:=20=20=20*=20Fixed=20a=20bug=20appearin?= =?UTF-8?q?g=20in=20Python=203.12=20where=20=E2=80=9CRuntimeError:=20can?= =?UTF-8?q?=E2=80=99t=20=20=20=20=20create=20new=20thread=20at=20interpret?= =?UTF-8?q?er=20shutdown=E2=80=9D=20could=20be=20written=20to=20=20=20=20?= =?UTF-8?q?=20stderr=20when=20a=20MongoClient=E2=80=99s=20thread=20starts?= =?UTF-8?q?=20as=20the=20python=20=20=20=20=20interpreter=20is=20shutting?= =?UTF-8?q?=20down.=20-=20update=20to=204.6.1:=20=20=20*=20Ensure=20retrya?= =?UTF-8?q?ble=20read=20OperationFailure=20errors=20re-raise=20=20=20=20?= =?UTF-8?q?=20exception=20when=200=20or=20NoneType=20error=20code=20is=20p?= =?UTF-8?q?rovided.=20-=20update=20to=204.6.0:=20=20=20*=20Release=20notes?= =?UTF-8?q?:=20https://www.mongodb.com/community/forums/t/pymongo-4-6-0-re?= =?UTF-8?q?leased/251866=20-=20update=20to=204.5.0:=20=20=20*=20Release=20?= =?UTF-8?q?notes:=20https://www.mongodb.com/community/forums/t/pymongo-4-5?= =?UTF-8?q?-0-released/240662=20-=20update=20to=204.4.1:=20=20=20*=20Fixed?= =?UTF-8?q?=20a=20bug=20where=20pymongo=20would=20raise=20a=20Configuratio?= =?UTF-8?q?nError:=20=20=20=20=20Invalid=20SRV=20host=20error=20when=20con?= =?UTF-8?q?necting=20to=20a=20=E2=80=9Cmongodb+srv://=E2=80=9D=20=20=20=20?= =?UTF-8?q?=20URI=20that=20included=20capital=20letters=20in=20the=20SRV?= =?UTF-8?q?=20hosts=20returned=20=20=20=20=20from=20DNS.=20(PYTHON-3800).?= =?UTF-8?q?=20=20=20*=20Fixed=20a=20minor=20reference=20counting=20bug=20i?= =?UTF-8?q?n=20the=20C=20extension=20(PYTHON-3798).=20-=20update=20to=204.?= =?UTF-8?q?4.0:=20=20=20*=20Release=20notes:=20https://www.mongodb.com/com?= =?UTF-8?q?munity/forums/t/pymongo-4-4-released/232211=20-=20Update=20to?= =?UTF-8?q?=204.3.3=20-=20Update=20to=204.3.2=20=20=20*=20The=20default=20?= =?UTF-8?q?uuid=5Frepresentation=20for=20CodecOptions,=20JSONOptions,=20?= =?UTF-8?q?=20=20=20=20and=20MongoClient=20has=20been=20changed=20from=20b?= =?UTF-8?q?son.binary.UuidRepresentation.PYTHON=5FLEGACY=20=20=20=20=20to?= =?UTF-8?q?=20bson.binary.UuidRepresentation.UNSPECIFIED.=20Attempting=20t?= =?UTF-8?q?o=20=20=20=20=20encode=20a=20uuid.UUID=20instance=20to=20BSON?= =?UTF-8?q?=20or=20JSON=20now=20produces=20an=20=20=20*=20directConnection?= =?UTF-8?q?=20URI=20option=20and=20keyword=20argument=20to=20MongoClient?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pymongo?expand=0&rev=95 --- pymongo-4.3.3.tar.gz | 3 -- pymongo-4.6.3.tar.gz | 3 ++ python-pymongo.changes | 87 +++++++++++++++++++++++++++--------------- python-pymongo.spec | 15 +++++--- 4 files changed, 70 insertions(+), 38 deletions(-) delete mode 100644 pymongo-4.3.3.tar.gz create mode 100644 pymongo-4.6.3.tar.gz diff --git a/pymongo-4.3.3.tar.gz b/pymongo-4.3.3.tar.gz deleted file mode 100644 index d7988c1..0000000 --- a/pymongo-4.3.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34e95ffb0a68bffbc3b437f2d1f25fc916fef3df5cdeed0992da5f42fae9b807 -size 814195 diff --git a/pymongo-4.6.3.tar.gz b/pymongo-4.6.3.tar.gz new file mode 100644 index 0000000..33be55a --- /dev/null +++ b/pymongo-4.6.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:400074090b9a631f120b42c61b222fd743490c133a5d2f99c0208cefcccc964e +size 1431391 diff --git a/python-pymongo.changes b/python-pymongo.changes index 89c42ad..36c22ad 100644 --- a/python-pymongo.changes +++ b/python-pymongo.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Tue May 7 07:26:43 UTC 2024 - Dirk Müller + +- update to 4.6.3 (bsc#1222492, CVE-2024-21506): + * Fixed a potential memory access violation when decoding invalid + bson. +- update to 4.6.2: + * Fixed a bug appearing in Python 3.12 where “RuntimeError: can’t + create new thread at interpreter shutdown” could be written to + stderr when a MongoClient’s thread starts as the python + interpreter is shutting down. +- update to 4.6.1: + * Ensure retryable read OperationFailure errors re-raise + exception when 0 or NoneType error code is provided. +- update to 4.6.0: + * Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866 +- update to 4.5.0: + * Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662 +- update to 4.4.1: + * Fixed a bug where pymongo would raise a ConfigurationError: + Invalid SRV host error when connecting to a “mongodb+srv://” + URI that included capital letters in the SRV hosts returned + from DNS. (PYTHON-3800). + * Fixed a minor reference counting bug in the C extension (PYTHON-3798). +- update to 4.4.0: + * Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211 + ------------------------------------------------------------------- Sat Jun 10 17:32:52 UTC 2023 - ecsos @@ -6,7 +33,7 @@ Sat Jun 10 17:32:52 UTC 2023 - ecsos ------------------------------------------------------------------- Tue Dec 6 13:23:28 UTC 2022 - Yogalakshmi Arunachalam -- Update to 4.3.3 +- Update to 4.3.3 Version 4.3.3 documents support for the following: * CSFLE on-demand credentials for cloud KMS providers. * Authentication support for EKS Clusters. @@ -18,7 +45,7 @@ Tue Dec 6 13:23:28 UTC 2022 - Yogalakshmi Arunachalam ------------------------------------------------------------------- Fri Oct 28 20:14:11 UTC 2022 - Yogalakshmi Arunachalam -- Update to 4.3.2 +- Update to 4.3.2 Complete Changelog https://pymongo.readthedocs.io/en/4.3.2/changelog.html ------------------------------------------------------------------- @@ -71,10 +98,10 @@ Sat Jul 16 18:05:53 UTC 2022 - Markéta Machová * PyMongo 4.0 drops support for Python 2.7, 3.4, and 3.5. * PyMongo 4.1 drops support for Python 3.6.0 and 3.6.1, Python 3.6.2+ is now required. * PyMongo 4.0 drops support for MongoDB 2.6, 3.0, 3.2, and 3.4. - * The default uuid_representation for CodecOptions, JSONOptions, - and MongoClient has been changed from bson.binary.UuidRepresentation.PYTHON_LEGACY - to bson.binary.UuidRepresentation.UNSPECIFIED. Attempting to - encode a uuid.UUID instance to BSON or JSON now produces an + * The default uuid_representation for CodecOptions, JSONOptions, + and MongoClient has been changed from bson.binary.UuidRepresentation.PYTHON_LEGACY + to bson.binary.UuidRepresentation.UNSPECIFIED. Attempting to + encode a uuid.UUID instance to BSON or JSON now produces an error by default. See Handling UUID Data for details. * Removed some arguments and functions mostly from: * pymongo.mongo_client.MongoClient @@ -82,16 +109,16 @@ Sat Jul 16 18:05:53 UTC 2022 - Markéta Machová * pymongo.collection.Collection * pymongo.mongo_client.MongoClient * pymongo.son_manipulator - * directConnection URI option and keyword argument to MongoClient + * directConnection URI option and keyword argument to MongoClient defaults to False instead of None * tz_aware, an argument for JSONOptions, now defaults to False instead of True. * items() now returns a dict_items object rather than a list. * The hint option is now required when using min or max queries with find(). - * MongoClient` now raises an InvalidURI exception when it encounters + * MongoClient` now raises an InvalidURI exception when it encounters unescaped percent signs in username and password when parsing MongoDB URIs. - * Enhanced connection pooling to create connections more efficiently + * Enhanced connection pooling to create connections more efficiently and avoid connection storms. - * MongoClient now accepts a URI and keyword argument srvMaxHosts + * MongoClient now accepts a URI and keyword argument srvMaxHosts that limits the number of mongos-like hosts a client will connect to. * Support for the “kmip” KMS provider for client side field level encryption. * Many more changes, seet the upstream changelog for details @@ -295,7 +322,7 @@ Fri Feb 23 04:43:48 UTC 2018 - jacobwinski@gmail.com Sat Nov 25 17:07:57 UTC 2017 - axel.braun@gmx.de - update to version 3.5.1 - tests_should_pass_without_MongoDB_running.patch removed - not needed anymore + tests_should_pass_without_MongoDB_running.patch removed - not needed anymore ------------------------------------------------------------------- Wed Apr 26 15:36:48 UTC 2017 - toddrme2178@gmail.com @@ -350,8 +377,8 @@ Thu Feb 18 13:24:49 UTC 2016 - eshmarnev@suse.com - Update to 3.1.1: * Command monitoring support. - * Configurable error handling for UnicodeDecodeError. - * Optional automatic timezone conversion when decoding BSON datetime. + * Configurable error handling for UnicodeDecodeError. + * Optional automatic timezone conversion when decoding BSON datetime. * An implementation of GridFSBucket from the new GridFS spec. * Compliance with the new Connection String spec. * Reduced idle CPU usage in Python 2. @@ -359,7 +386,7 @@ Thu Feb 18 13:24:49 UTC 2016 - eshmarnev@suse.com ------------------------------------------------------------------- Wed Aug 5 00:49:55 UTC 2015 - jacobwinski@gmail.com -- Update to 3.0.3, fixes: +- Update to 3.0.3, fixes: * PYTHON-942: Error in changelog guidance for Python 3 (find timeout parameter) * PYTHON-934: Unable to specify ssl_match_hostname option using URI style connection string * PYTHON-946: Undocumented regression in Collection.find - projection tuple no longer allowed @@ -1076,7 +1103,7 @@ Fri Jul 25 08:59:00 UTC 2014 - mlin@suse.com * A new :doc:`bulk write operations API `. * Support for server side query timeouts using :meth:`~pymongo.cursor.Cursor.max_time_ms`. - * Support for writing :meth:`~pymongo.collection.Collection.aggregate` + * Support for writing :meth:`~pymongo.collection.Collection.aggregate` output to a collection. * A new :meth:`~pymongo.collection.Collection.parallel_scan` helper. * :class:`~pymongo.errors.OperationFailure` and its subclasses now @@ -1103,10 +1130,10 @@ Wed Nov 27 13:25:30 UTC 2013 - p.drouand@gmail.com - Update to version 2.6.3 + fix : AttributeError raised when use_greenlets=True is specified without gevent (https://jira.mongodb.org/browse/PYTHON-561) - + fix : Semaphore leak during connection failure. + + fix : Semaphore leak during connection failure. (https://jira.mongodb.org/browse/PYTHON-580) - + fix : MongoReplicaSetClient ignores waitQueueMultiple and - waitQueueTimeoutMS + + fix : MongoReplicaSetClient ignores waitQueueMultiple and + waitQueueTimeoutMS (https://jira.mongodb.org/browse/PYTHON-579) ------------------------------------------------------------------- @@ -1166,8 +1193,8 @@ Tue Jun 4 03:56:25 UTC 2013 - mlin@suse.com - Update to version 2.5.2 * Version 2.5.2 fixes a NULL pointer dereference issue when decoding - an invalid :class:`~bson.dbref.DBRef`(bnc#822798, CVE-2013-2132). - See release notes in JIRA: + an invalid :class:`~bson.dbref.DBRef`(bnc#822798, CVE-2013-2132). + See release notes in JIRA: https://jira.mongodb.org/browse/PYTHON/fixforversion/12581 for details. ------------------------------------------------------------------- @@ -1176,14 +1203,14 @@ Tue Jun 4 03:54:45 UTC 2013 - mlin@suse.com - Update to version 2.5.1 * Version 2.5.1 is a minor release that fixes issues discovered after the release of 2.5. Most importantly, this release addresses some race - conditions in replica set monitoring. See release notes in JIRA: + conditions in replica set monitoring. See release notes in JIRA: https://jira.mongodb.org/browse/PYTHON/fixforversion/12484 for details. ------------------------------------------------------------------- Wed Apr 3 21:23:59 UTC 2013 - dvaleev@suse.com -- Set Exclusive arch for LittleEndian machines. mongodb is not - BigEndian compatible. +- Set Exclusive arch for LittleEndian machines. mongodb is not + BigEndian compatible. ------------------------------------------------------------------- Wed Mar 27 03:21:28 UTC 2013 - mlin@suse.com @@ -1196,14 +1223,14 @@ Wed Mar 27 03:21:28 UTC 2013 - mlin@suse.com Wed Dec 12 08:01:11 UTC 2012 - mlin@suse.com - Update to version 2.4.1 - * See https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=12286 + * See https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=12286 for details ------------------------------------------------------------------- Wed Dec 12 07:56:27 UTC 2012 - mlin@suse.com - Update to version 2.4 - * See https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=11485 + * See https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=11485 for details ------------------------------------------------------------------- @@ -1211,14 +1238,14 @@ Mon Sep 24 12:03:51 UTC 2012 - i@marguerite.su - Update to version 2.3 * fixes see https://jira.mongodb.org/browse/PYTHON/fixforversion/11146 - * Support for expanded read preferences including directing - reads to tagged servers - See Secondary Reads for more + * Support for expanded read preferences including directing + reads to tagged servers - See Secondary Reads for more information. - * Support for mongos failover - See High Availability and + * Support for mongos failover - See High Availability and mongos for more information. - * A new aggregate() method to support MongoDB’s new + * A new aggregate() method to support MongoDB’s new aggregation framework. - * Support for legacy Java and C# byte order when encoding + * Support for legacy Java and C# byte order when encoding and decoding UUIDs. * Support for connecting directly to an arbiter. diff --git a/python-pymongo.spec b/python-pymongo.spec index 2c5a6c5..da0c09d 100644 --- a/python-pymongo.spec +++ b/python-pymongo.spec @@ -1,7 +1,7 @@ # # spec file for package python-pymongo # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-pymongo -Version: 4.3.3 +Version: 4.6.3 Release: 0 Summary: Python driver for MongoDB License: Apache-2.0 @@ -28,7 +28,10 @@ Source: https://files.pythonhosted.org/packages/source/p/pymongo/pymongo # PATCH-FIX-SUSE: upstream does not care about 32bit Patch0: mongodb-skip-test.patch BuildRequires: %{python_module devel >= 3.7} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} BuildRequires: fdupes BuildRequires: python-rpm-macros %if 0%{?suse_version} || 0%{?fedora_version} >= 24 @@ -51,10 +54,12 @@ implementation on top of pymongo. %build export CFLAGS="%{optflags}" -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install +# do we really need C sources installed? +%python_expand rm -v %{buildroot}%{$python_sitearch}/bson/*.{c,h} %python_expand %fdupes %{buildroot}%{$python_sitearch} %check @@ -64,7 +69,7 @@ export CFLAGS="%{optflags}" %license LICENSE %doc README.rst %{python_sitearch}/pymongo -%{python_sitearch}/pymongo-%{version}*-info +%{python_sitearch}/pymongo-%{version}.dist-info %{python_sitearch}/bson %{python_sitearch}/gridfs