Version in base suite: 1.23.1-1

Base version: mongo-c-driver_1.23.1-1
Target version: mongo-c-driver_1.23.1-1+deb12u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/m/mongo-c-driver/mongo-c-driver_1.23.1-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/m/mongo-c-driver/mongo-c-driver_1.23.1-1+deb12u1.dsc

 changelog                   |   21 ++++++++++++
 gbp.conf                    |    7 +---
 patches/CVE-2023-0437.patch |   29 ++++++++++++++++
 patches/CVE-2024-6381.patch |   34 +++++++++++++++++++
 patches/CVE-2024-6383.patch |   77 ++++++++++++++++++++++++++++++++++++++++++++
 patches/CVE-2025-0755.patch |   39 ++++++++++++++++++++++
 patches/series              |    4 ++
 7 files changed, 207 insertions(+), 4 deletions(-)

diff -Nru mongo-c-driver-1.23.1/debian/changelog mongo-c-driver-1.23.1/debian/changelog
--- mongo-c-driver-1.23.1/debian/changelog	2022-10-20 16:58:40.000000000 +0000
+++ mongo-c-driver-1.23.1/debian/changelog	2025-04-18 20:28:00.000000000 +0000
@@ -1,3 +1,24 @@
+mongo-c-driver (1.23.1-1+deb12u1) bookworm; urgency=medium
+
+  * Fix CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
+    with an exit condition that cannot be reached may occur, i.e. an infinite
+    loop.
+  * Fix CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
+    library may be susceptible to an integer overflow where the function will
+    try to free memory at a negative offset. This may result in memory
+    corruption.
+  * Fix CVE-2024-6383: The bson_string_append function in MongoDB C Driver may
+    be vulnerable to a buffer overflow where the function might attempt to
+    allocate too small of buffer and may lead to memory corruption of
+    neighbouring heap memory.
+  * Fix CVE-2025-0755: The various bson_append functions in the MongoDB C
+    driver library may be susceptible to buffer overflow when performing
+    operations that could result in a final BSON document which exceeds the
+    maximum allowable size (INT32_MAX), resulting in a segmentation fault and
+    possible application crash.
+
+ -- Roberto C. Sanchez <roberto@connexer.com>  Fri, 18 Apr 2025 16:28:00 -0400
+
 mongo-c-driver (1.23.1-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru mongo-c-driver-1.23.1/debian/gbp.conf mongo-c-driver-1.23.1/debian/gbp.conf
--- mongo-c-driver-1.23.1/debian/gbp.conf	2022-10-20 16:58:40.000000000 +0000
+++ mongo-c-driver-1.23.1/debian/gbp.conf	2025-04-18 20:28:00.000000000 +0000
@@ -1,7 +1,6 @@
 [DEFAULT]
 pristine-tar = False
 no-create-orig = True
-pbuilder = True
 
 prebuild = bash -c "
     # Show execution trace
@@ -13,11 +12,11 @@
     zlib_rm_files=\"$(find src/zlib-* -mindepth 1 -maxdepth 1 \! -name zconf.h.in -printf '%p ')\" &&
     # Create upstream tarball from reference, exclude items that do not belong
     pushd $GBP_GIT_DIR/.. &&
-    git archive --format=tar --prefix=mongo-c-driver-\${upstream_version}/ HEAD | tar -f - --delete mongo-c-driver-\${upstream_version}/debian \$zlib_filter_files | gzip > $GBP_BUILD_DIR/../mongo-c-driver_\${upstream_version}.orig.tar.gz &&
+    ( [ -f $GBP_BUILD_DIR/../mongo-c-driver_\${upstream_version}.orig.tar.gz ] || git archive --format=tar --prefix=mongo-c-driver-\${upstream_version}/ HEAD | tar -f - --delete mongo-c-driver-\${upstream_version}/debian \$zlib_filter_files | gzip > $GBP_BUILD_DIR/../mongo-c-driver_\${upstream_version}.orig.tar.gz ) &&
     popd &&
     rm -rf \$zlib_rm_files"
 
 upstream-tree = BRANCH
-upstream-branch = r1.23
+upstream-branch = debian/bookworm
 upstream-tag = %(version)s
-debian-branch = r1.23
+debian-branch = debian/bookworm
diff -Nru mongo-c-driver-1.23.1/debian/patches/CVE-2023-0437.patch mongo-c-driver-1.23.1/debian/patches/CVE-2023-0437.patch
--- mongo-c-driver-1.23.1/debian/patches/CVE-2023-0437.patch	1970-01-01 00:00:00.000000000 +0000
+++ mongo-c-driver-1.23.1/debian/patches/CVE-2023-0437.patch	2025-04-18 20:28:00.000000000 +0000
@@ -0,0 +1,29 @@
+From fd3a978b35cac8f3c78c4d9a1b08fd5aa4d440b8 Mon Sep 17 00:00:00 2001
+From: Kevin Albertson <kevin.albertson@mongodb.com>
+Date: Mon, 30 Oct 2023 18:01:30 +0000
+Subject: [PATCH] CDRIVER-4747 use `size_t` consistently in
+ `bson_utf8_validate` (#1458)
+
+Origin: https://github.com/mongodb/mongo-c-driver/commit/fd3a978b35cac8f3c78c4d9a1b08fd5aa4d440b8
+---
+ src/libbson/src/bson/bson-utf8.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libbson/src/bson/bson-utf8.c b/src/libbson/src/bson/bson-utf8.c
+index d7e9168c96..ac7a1bddfe 100644
+--- a/src/libbson/src/bson/bson-utf8.c
++++ b/src/libbson/src/bson/bson-utf8.c
+@@ -118,8 +118,8 @@ bson_utf8_validate (const char *utf8, /* IN */
+    bson_unichar_t c;
+    uint8_t first_mask;
+    uint8_t seq_length;
+-   unsigned i;
+-   unsigned j;
++   size_t i;
++   size_t j;
+ 
+    BSON_ASSERT (utf8);
+ 
+-- 
+2.39.5
+
diff -Nru mongo-c-driver-1.23.1/debian/patches/CVE-2024-6381.patch mongo-c-driver-1.23.1/debian/patches/CVE-2024-6381.patch
--- mongo-c-driver-1.23.1/debian/patches/CVE-2024-6381.patch	1970-01-01 00:00:00.000000000 +0000
+++ mongo-c-driver-1.23.1/debian/patches/CVE-2024-6381.patch	2025-04-18 20:28:00.000000000 +0000
@@ -0,0 +1,34 @@
+From effd95c34ad421df94eec7c69236f0e4172552d0 Mon Sep 17 00:00:00 2001
+From: Ezra Chung <88335979+eramongodb@users.noreply.github.com>
+Date: Fri, 8 Mar 2024 13:09:07 -0600
+Subject: [PATCH] CDRIVER-5504 Use pointer-based iteration when traversing
+ array elements (#1552)
+
+Origin: https://github.com/mongodb/mongo-c-driver/commit/effd95c34ad421df94eec7c69236f0e4172552d0
+---
+ src/libbson/src/bson/bson-string.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libbson/src/bson/bson-string.c b/src/libbson/src/bson/bson-string.c
+index 36c4c5ab49..958fd10666 100644
+--- a/src/libbson/src/bson/bson-string.c
++++ b/src/libbson/src/bson/bson-string.c
+@@ -473,11 +473,11 @@ bson_strndup (const char *str, /* IN */
+ void
+ bson_strfreev (char **str) /* IN */
+ {
+-   int i;
+-
+    if (str) {
+-      for (i = 0; str[i]; i++)
+-         bson_free (str[i]);
++      for (char **ptr = str; *ptr != NULL; ++ptr) {
++         bson_free (*ptr);
++      }
++
+       bson_free (str);
+    }
+ }
+-- 
+2.39.5
+
diff -Nru mongo-c-driver-1.23.1/debian/patches/CVE-2024-6383.patch mongo-c-driver-1.23.1/debian/patches/CVE-2024-6383.patch
--- mongo-c-driver-1.23.1/debian/patches/CVE-2024-6383.patch	1970-01-01 00:00:00.000000000 +0000
+++ mongo-c-driver-1.23.1/debian/patches/CVE-2024-6383.patch	2025-04-18 20:28:00.000000000 +0000
@@ -0,0 +1,77 @@
+From 7c34461863211be172e6317221d72e4429bed45e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= <roberto@connexer.com>
+Date: Fri, 3 May 2024 15:30:45 -0400
+Subject: [PATCH] CDRIVER-5552 more robust string handling (#1593)
+
+Co-authored-by: Kevin Albertson <kevin.albertson@10gen.com>
+
+Origin: https://github.com/mongodb/mongo-c-driver/commit/7c34461863211be172e6317221d72e4429bed45e
+---
+ src/libbson/src/bson/bson-string.c |   27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+--- a/src/libbson/src/bson/bson-string.c
++++ b/src/libbson/src/bson/bson-string.c
+@@ -20,6 +20,7 @@
+ 
+ #include "bson-compat.h"
+ #include "bson-config.h"
++#include "bson-cmp.h"
+ #include "bson-string.h"
+ #include "bson-memory.h"
+ #include "bson-utf8.h"
+@@ -61,16 +62,25 @@
+ bson_string_new (const char *str) /* IN */
+ {
+    bson_string_t *ret;
++   size_t len_sz;
+ 
+    ret = bson_malloc0 (sizeof *ret);
+-   ret->len = str ? (int) strlen (str) : 0;
++   if (str) {
++      len_sz = strlen (str);
++      BSON_ASSERT (len_sz <= UINT32_MAX);
++      ret->len = (uint32_t) len_sz;
++   } else {
++      ret->len = 0;
++   }
+    ret->alloc = ret->len + 1;
+ 
+    if (!bson_is_power_of_two (ret->alloc)) {
+-      ret->alloc = (uint32_t) bson_next_power_of_two ((size_t) ret->alloc);
++      len_sz = bson_next_power_of_two ((size_t) ret->alloc);
++      BSON_ASSERT (len_sz <= UINT32_MAX);
++      ret->alloc = (uint32_t) len_sz;
+    }
+ 
+-   BSON_ASSERT (ret->alloc >= 1);
++   BSON_ASSERT (ret->alloc >= ret->len + 1);
+ 
+    ret->str = bson_malloc (ret->alloc);
+ 
+@@ -125,17 +135,22 @@
+                     const char *str)       /* IN */
+ {
+    uint32_t len;
++   size_t len_sz;
+ 
+    BSON_ASSERT (string);
+    BSON_ASSERT (str);
+ 
+-   len = (uint32_t) strlen (str);
++   len_sz = strlen (str);
++   BSON_ASSERT (bson_in_range_unsigned (uint32_t, len_sz));
++   len = (uint32_t) len_sz;
+ 
+    if ((string->alloc - string->len - 1) < len) {
++      BSON_ASSERT (string->alloc <= UINT32_MAX - len);
+       string->alloc += len;
+       if (!bson_is_power_of_two (string->alloc)) {
+-         string->alloc =
+-            (uint32_t) bson_next_power_of_two ((size_t) string->alloc);
++         len_sz = bson_next_power_of_two ((size_t) string->alloc);
++         BSON_ASSERT (len_sz <= UINT32_MAX);
++         string->alloc = (uint32_t) len_sz;
+       }
+       string->str = bson_realloc (string->str, string->alloc);
+    }
diff -Nru mongo-c-driver-1.23.1/debian/patches/CVE-2025-0755.patch mongo-c-driver-1.23.1/debian/patches/CVE-2025-0755.patch
--- mongo-c-driver-1.23.1/debian/patches/CVE-2025-0755.patch	1970-01-01 00:00:00.000000000 +0000
+++ mongo-c-driver-1.23.1/debian/patches/CVE-2025-0755.patch	2025-04-18 20:28:00.000000000 +0000
@@ -0,0 +1,39 @@
+From d3cdb626be30748b9360451023c75438ec346a38 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= <roberto@connexer.com>
+Date: Tue, 16 Jul 2024 16:15:16 -0400
+Subject: [PATCH] CDRIVER-5601 more robust bson append (#1648)
+
+Co-authored-by: Kevin Albertson <kevin.albertson@10gen.com>
+Co-authored-by: Ezra Chung <88335979+eramongodb@users.noreply.github.com>
+
+Origin: https://github.com/mongodb/mongo-c-driver/commit/d3cdb626be30748b9360451023c75438ec346a38
+---
+ src/libbson/src/bson/bson.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/libbson/src/bson/bson.c b/src/libbson/src/bson/bson.c
+index adc5ee2cc8..e29b2a771c 100644
+--- a/src/libbson/src/bson/bson.c
++++ b/src/libbson/src/bson/bson.c
+@@ -324,7 +324,18 @@ _bson_append_va (bson_t *bson,              /* IN */
+ 
+    buf = _bson_data (bson) + bson->len - 1;
+ 
++   /* Track running sum of bytes written in a uint64_t to detect possible overflow of `n_bytes`. */
++   uint64_t n_bytes_sum = 0;
+    do {
++      // Size of any individual data being appended should not exceed the total byte limit.
++      if (BSON_UNLIKELY (bson_cmp_less_uu (n_bytes, data_len))) {
++         return false;
++      }
++      // Total size of data being appended should not exceed the total byte limit.
++      if (BSON_UNLIKELY (bson_cmp_greater_uu (n_bytes_sum, n_bytes - data_len))) {
++         return false;
++      }
++      n_bytes_sum += data_len;
+       n_pairs--;
+       /* data may be NULL if data_len is 0. memcpy is not safe to call with
+        * NULL. */
+-- 
+2.39.5
+
diff -Nru mongo-c-driver-1.23.1/debian/patches/series mongo-c-driver-1.23.1/debian/patches/series
--- mongo-c-driver-1.23.1/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ mongo-c-driver-1.23.1/debian/patches/series	2025-04-18 20:28:00.000000000 +0000
@@ -0,0 +1,4 @@
+CVE-2023-0437.patch
+CVE-2024-6381.patch
+CVE-2024-6383.patch
+CVE-2025-0755.patch