SOURCES/pymongo-CVE-2024-5629.patch

@@ -1,33 +0,0 @@
-Backported upstream commit https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2
-Fixed CVE-2024-5629
-diff -ur mongo-python-driver-3.7.0/bson/_cbsonmodule.c mongo_patch/bson/_cbsonmodule.c
---- mongo-python-driver-3.7.0/bson/_cbsonmodule.c	2018-06-26 18:08:42.000000000 +0000
-+++ mongo_patch/bson/_cbsonmodule.c	2025-04-06 07:06:48.259986820 +0000
-@@ -2280,6 +2280,7 @@
-             uint32_t c_w_s_size;
-             uint32_t code_size;
-             uint32_t scope_size;
-+	    uint32_t len;
-             PyObject* code;
-             PyObject* scope;
-             PyObject* code_type;
-@@ -2299,7 +2300,8 @@
-             memcpy(&code_size, buffer + *position, 4);
-             code_size = BSON_UINT32_FROM_LE(code_size);
-             /* code_w_scope length + code length + code + scope length */
--            if (!code_size || max < code_size || max < 4 + 4 + code_size + 4) {
-+	    len = 4 + 4 + code_size + 4;
-+            if (!code_size || max < code_size || max < len || len < code_size) {
-                 goto invalid;
-             }
-             *position += 4;
-@@ -2322,7 +2324,8 @@
-                 goto invalid;
-             }
-             /* code length + code + scope length + scope */
--            if ((4 + code_size + 4 + scope_size) != c_w_s_size) {
-+	    len = 4 + 4 + code_size + scope_size;
-+            if (scope_size < BSON_MIN_SIZE || len != c_w_s_size || len < scope_size) {
-                 Py_DECREF(code);
-                 goto invalid;
-             }

SPECS/python-pymongo.spec

@@ -22,7 +22,7 @@
 
 Name:           python-pymongo
 Version:        3.7.0
-Release:        2%{?dist}
+Release:        1%{?dist}
 
 # All code is ASL 2.0 except bson/time64*.{c,h} which is MIT
 License:        ASL 2.0 and MIT
@@ -37,7 +37,6 @@ ExclusiveArch:  %{mongodb_arches}
 # and CVE-2013-2099, and wasn't needed anyway since Fedora >= 22 has the needed module in the Python
 # standard library. It also adjusts imports so that they exclusively use the code from Python.
 Patch01:        0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch
-Patch02:	pymongo-CVE-2024-5629.patch
 
 %if %{with tests}
 %ifnarch armv7hl ppc64 s390 s390x
@@ -163,7 +162,6 @@ contains the python3 version of this module.
 %prep
 %setup -q -n mongo-python-driver-%{version}
 %patch01 -p1 -b .ssl
-%patch02 -p1
 
 # Remove the bundled ssl.match_hostname library as it was vulnerable to CVE-2013-7440
 # and CVE-2013-2099, and isn't needed anyway since Fedora >= 22 has the needed module in the Python
@@ -287,9 +285,6 @@ pkill mongod
 
 
 %changelog
-* Fri Apr 04 2025 Filip Janus <fjanus@redhat.com> - 3.7.0-2
-- Backport CVE-2024-5629
-
 * Fri Oct 09 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3.7.0-1
 - Rebase to 3.7.0
 - Includes new SCRAM-SHA-256 authentication