package/mongodb: security bump to version 4.2.18

Fix CVE-2021-20330: An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6. Drop third patch (already in version) https://docs.mongodb.com/master/release-notes/4.2/ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 49bbf644d4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-01-25 18:34:22 +01:00 · 2022-01-25 18:34:22 +01:00 · d146485de1
commit d146485de1
parent b26a86ffa2
2 changed files with 2 additions and 2 deletions
--- a/package/mongodb/mongodb.hash
+++ b/package/mongodb/mongodb.hash
@ -1,4 +1,4 @@
 # Locally computed:
-sha256  ab5a8b6e967614a8ad67c0ca87124c4f380d4a476508973a7995d54ed902b02e  mongodb-src-r4.2.11.tar.gz
+sha256  5bbb9567cc1f358ac7d9f37d9fe749862728bdf9f742d1dfc5e35a8b6c2985ba  mongodb-src-r4.2.18.tar.gz
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  APACHE-2.0.txt
 sha256  09d99ca61eb07873d5334077acba22c33e7f7d0a9fa08c92734e0ac8430d6e27  LICENSE-Community.txt
--- a/package/mongodb/mongodb.mk
+++ b/package/mongodb/mongodb.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-MONGODB_VERSION = 4.2.11
+MONGODB_VERSION = 4.2.18
 MONGODB_SITE = https://fastdl.mongodb.org/src
 MONGODB_SOURCE = mongodb-src-r$(MONGODB_VERSION).tar.gz