libmongocrypt-helper 1.13.2.0.1001 → 1.14.0.0.1001

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: baf822be923fbdd64028517f349c49776bcd49fc71a20b2625bb0e7f947db6ee
-  data.tar.gz: d54d214ba2f0bbab4ad98adb1eb36ec4f1bd301eda8835e02a8f211c787a925a
+  metadata.gz: 197853e4c5046361f1d1de43cfb17680ebbc2ffb124fb28335987dae0ef1a574
+  data.tar.gz: 96bccae1037132b830c908db7a5664f6d019dd16e173dcdd615e91a9b41bd1e7
 SHA512:
-  metadata.gz: d834c0a45d8f3bdd61e6031f9bb9ef2f66dee31c1155c8ac15b33b22cba6267b6cfc714235c0a93e010a701535ee3e8615276af62239e30d764d4adac10b69f6
-  data.tar.gz: 63e6f9acb70f94690bd11edd415fbfffabb5051c8c5c59b6ddaeeb809e0f423f24297f0541ca3f1e8e3e496b66beaae2fea7b05add2d4dd16af44aa1615b398a
+  metadata.gz: 76e6da0aa60bcc18568e4d0fde151a064887789ade68ef0e98da3d51b1c408f5ea9b6311f95a4a77422df1a7fd74c3550c0335e2d8b352b8c14d7af7a7dddad4
+  data.tar.gz: 4c61332a072aafdfc09034fa3f305637ffd8e3276186101261b6d4a09ea7340966d783093f43ed5067ec3489f23e42eea04436e51eb49ae69bdf098c8a0be38b

data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md

@@ -1,4 +1,12 @@
 # ChangeLog
+## 1.14.0
+### Fixed
+- Fix building against libbson with extra alignment enabled (`ENABLE_EXTRA_ALIGNMENT=ON`).
+- Retry KMS encrypt request for context created by `mongocrypt_ctx_rewrap_many_datakey_init`.
+### Improvements
+- Improve performance of OpenSSL crypto operations.
+- Improve error for incorrect path to crypt_shared library.
+
 ## 1.13.2
 ### Notes
 - Bump downloaded libbson version from 1.28.1 to 1.30.3. Fixes a CMake configure error on macOS with CMake 4.

data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt

@@ -108,6 +108,7 @@ set (MONGOCRYPT_SOURCES
    src/mc-fle2-encryption-placeholder.c
    src/mc-fle2-find-equality-payload.c
    src/mc-fle2-find-equality-payload-v2.c
+   src/mc-fle2-find-text-payload.c
    src/mc-fle2-payload-iev.c
    src/mc-fle2-payload-iev-v2.c
    src/mc-fle2-payload-uev.c
@@ -115,6 +116,7 @@ set (MONGOCRYPT_SOURCES
    src/mc-fle2-payload-uev-v2.c
    src/mc-fle2-rfds.c
    src/mc-fle2-tag-and-encrypted-metadata-block.c
+   src/mc-parse-utils.c
    src/mc-range-edge-generation.c
    src/mc-range-mincover.c
    src/mc-range-encoding.c
@@ -469,6 +471,7 @@ set (TEST_MONGOCRYPT_SOURCES
    test/test-mc-fle2-encryption-placeholder.c
    test/test-mc-fle2-find-equality-payload-v2.c
    test/test-mc-fle2-find-range-payload-v2.c
+   test/test-mc-fle2-find-text-payload.c
    test/test-mc-fle2-payload-iev.c
    test/test-mc-fle2-payload-iev-v2.c
    test/test-mc-fle2-payload-iup.c
@@ -533,6 +536,8 @@ target_compile_definitions (test-mongocrypt PRIVATE
    "TEST_MONGOCRYPT_OUTPUT_PATH=\"$<TARGET_FILE:test-mongocrypt>\""
    # Tell test-mongocrypt whether we have a real csfle library for testing
    TEST_MONGOCRYPT_HAVE_REAL_CRYPT_SHARED_LIB=$<BOOL:${MONGOCRYPT_TESTING_CRYPT_SHARED_FILE}>
+   # Tell test-mongocrypt the path of the libmongocrypt shared library for testing.
+   "TEST_MONGOCRYPT_MONGOCRYPT_SHARED_PATH=\"$<TARGET_FILE:mongocrypt>\""
    )
 
 add_test (
@@ -712,4 +717,3 @@ install (
    COMPONENT
       Devel
 )
-

data/ext/libmongocrypt/libmongocrypt/CODEOWNERS

@@ -1,4 +1,7 @@
 # Code Owners will automatically be added as reviewers on PRs
 
+# Listing code owners is required by DRIVERS-3098
+* @mongodb/dbx-c-cxx
+
 # Python Bindings
-bindings/python @mongodb/dbx-python
+bindings/python @mongodb/dbx-python

data/ext/libmongocrypt/libmongocrypt/Earthfile

@@ -50,15 +50,16 @@
     #   • sles15 - OpenSUSE Leap 15.0
     #   • alpine - Alpine Linux 3.18
     #
-    # When adding new environments, always pull from a fully-qualified image ID:
+    # When adding new environments, prefer an unqualified image ID with a version:
     #   • DO NOT: "ubuntu"
     #   • DO NOT: "ubuntu:latest"
-    #   • DO NOT: "ubuntu:22.10"
-    #   • DO: "artifactory.corp.mongodb.com/dockerhub/library/ubuntu:22.10"
+    #   • DO NOT: "docker.io/library/ubuntu:22.10"
+    #   • DO: "ubuntu:22.10"
+    # Use of an unqualified image ID may enable separate registry in CI and local development.
 # ###
 
 VERSION --use-cache-command 0.6
-FROM artifactory.corp.mongodb.com/dockerhub/library/alpine:3.16
+FROM alpine:3.16
 WORKDIR /s
 
 init:
@@ -125,24 +126,24 @@ ALPINE_SETUP:
 
 env.c6:
     # A CentOS 6 environment.
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/centos:6
+    FROM +init --base=centos:6
     DO +CENTOS6_SETUP
 
 env.c7:
     # A CentOS 7 environment.
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/centos:7
+    FROM +init --base=centos:7
     DO +REDHAT_SETUP
 
 env.rl8:
     # CentOS 8 is cancelled. Use RockyLinux 8 for our RHEL 8 environment.
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/rockylinux:8
+    FROM +init --base=rockylinux:8
     DO +REDHAT_SETUP
 
 # Utility command for Ubuntu environments
 ENV_UBUNTU:
     COMMAND
     ARG --required version
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/ubuntu:$version
+    FROM +init --base=ubuntu:$version
     DO +DEBIAN_SETUP
 
 env.u14:
@@ -167,19 +168,19 @@ env.u22:
 
 env.amzn1:
     # An Amazon "1" environment. (AmazonLinux 2018)
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/amazonlinux:2018.03
+    FROM +init --base=amazonlinux:2018.03
     DO +AMZ_SETUP
 
 env.amzn2:
     # An AmazonLinux 2 environment
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/amazonlinux:2
+    FROM +init --base=amazonlinux:2
     DO +AMZ_SETUP
 
 # Utility command for Debian setup
 ENV_DEBIAN:
     COMMAND
     ARG --required version
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/debian:$version
+    FROM +init --base=debian:$version
     IF [ $version = "9.2" ]
         # Update source list for archived Debian stretch packages.
         # Refer: https://unix.stackexchange.com/a/743865/260858
@@ -208,11 +209,11 @@ env.deb12:
 
 env.sles15:
     # An OpenSUSE Leap 15.0 environment.
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/opensuse/leap:15.0
+    FROM +init --base=opensuse/leap:15.0
     DO +SLES_SETUP
 
 env.alpine:
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/alpine:3.18
+    FROM +init --base=alpine:3.18
     DO +ALPINE_SETUP
 
 # Utility: Warm-up obtaining CMake and Ninja for the build. This is usually
@@ -259,7 +260,7 @@ BUILD_EXAMPLE_STATE_MACHINE:
     RUN cd /s && /s/example-state-machine
 
 rpm-build:
-    FROM +init --base artifactory.corp.mongodb.com/dockerhub/fedora:38
+    FROM +init --base fedora:38
     GIT CLONE https://src.fedoraproject.org/rpms/libmongocrypt.git /R
     # Install the packages listed by "BuildRequires" and rpm-build:
     RUN __install $(awk '/^BuildRequires:/ { print $2 }' /R/libmongocrypt.spec) \
@@ -275,7 +276,7 @@ rpm-build:
 
 rpm-install-runtime:
     # Install the runtime RPM
-    FROM +init --base artifactory.corp.mongodb.com/dockerhub/fedora:38
+    FROM +init --base fedora:38
     COPY +rpm-build/RPMS /tmp/libmongocrypt-rpm/
     RUN dnf makecache
     RUN __install $(find /tmp/libmongocrypt-rpm/ -name 'libmongocrypt-1.*.rpm')
@@ -325,7 +326,7 @@ deb-build:
 
 deb-install-runtime:
     # Install the runtime deb package
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/library/debian:unstable
+    FROM +init --base=debian:unstable
     COPY +deb-build/debs/libmongocrypt0*.deb /tmp/lmc.deb
     RUN __install /tmp/lmc.deb
 
@@ -354,7 +355,7 @@ packaging-full-test:
     BUILD +rpm-runtime-test
 
 check-format:
-    FROM +init --base=artifactory.corp.mongodb.com/dockerhub/python:3.11.2-slim-buster
+    FROM +init --base=python:3.11.2-slim-buster
     RUN __install build-essential # To install `make` to install clang-format.
     RUN pip install pipx
     COPY etc/format* /X/etc/

data/ext/libmongocrypt/libmongocrypt/README.md

@@ -103,7 +103,7 @@ See [releasing](./doc/releasing.md).
 Distribution packages (i.e., .deb/.rpm) are built and published for several Linux distributions.  The installation of these packages for supported platforms is documented here.
 
 ### Unstable Development Distribution Packages ###
-To install the latest unstable development package, change `1.13` to `development` in the package URLs listed in the subsequent instructions. For example, `https://libmongocrypt.s3.amazonaws.com/apt/ubuntu <release>/libmongocrypt/1.13` in the instructions would become `https://libmongocrypt.s3.amazonaws.com/apt/ubuntu <release>/libmongocrypt/development`. Do not use the unstable version of libmongocrypt in a production environment.
+To install the latest unstable development package, change `1.14` to `development` in the package URLs listed in the subsequent instructions. For example, `https://libmongocrypt.s3.amazonaws.com/apt/ubuntu <release>/libmongocrypt/1.14` in the instructions would become `https://libmongocrypt.s3.amazonaws.com/apt/ubuntu <release>/libmongocrypt/development`. Do not use the unstable version of libmongocrypt in a production environment.
 
 ### .deb Packages (Debian and Ubuntu) ###
 
@@ -144,13 +144,13 @@ sudo sh -c 'curl -s --location https://pgp.mongodb.com/libmongocrypt.asc | gpg -
 Second, create a list entry for the repository.  For Ubuntu systems (be sure to change `<release>` to `xenial`, `bionic`, `focal`, or `jammy`, as appropriate to your system):
 
 ```
-echo "deb https://libmongocrypt.s3.amazonaws.com/apt/ubuntu <release>/libmongocrypt/1.13 universe" | sudo tee /etc/apt/sources.list.d/libmongocrypt.list
+echo "deb https://libmongocrypt.s3.amazonaws.com/apt/ubuntu <release>/libmongocrypt/1.14 universe" | sudo tee /etc/apt/sources.list.d/libmongocrypt.list
 ```
 
 For Debian systems (be sure to change `<release>` to `stretch`, `buster`, `bullseye`, or `bookworm` as appropriate to your system):
 
 ```
-echo "deb https://libmongocrypt.s3.amazonaws.com/apt/debian <release>/libmongocrypt/1.13 main" | sudo tee /etc/apt/sources.list.d/libmongocrypt.list
+echo "deb https://libmongocrypt.s3.amazonaws.com/apt/debian <release>/libmongocrypt/1.14 main" | sudo tee /etc/apt/sources.list.d/libmongocrypt.list
 ```
 
 #### Package installation ####
@@ -172,7 +172,7 @@ Create the file `/etc/yum.repos.d/libmongocrypt.repo` with contents:
 ```
 [libmongocrypt]
 name=libmongocrypt repository
-baseurl=https://libmongocrypt.s3.amazonaws.com/yum/redhat/$releasever/libmongocrypt/1.13/x86_64
+baseurl=https://libmongocrypt.s3.amazonaws.com/yum/redhat/$releasever/libmongocrypt/1.14/x86_64
 gpgcheck=1
 enabled=1
 gpgkey=https://pgp.mongodb.com/libmongocrypt.asc
@@ -191,7 +191,7 @@ Create the file `/etc/yum.repos.d/libmongocrypt.repo` with contents:
 ```
 [libmongocrypt]
 name=libmongocrypt repository
-baseurl=https://libmongocrypt.s3.amazonaws.com/yum/amazon/2023/libmongocrypt/1.13/x86_64
+baseurl=https://libmongocrypt.s3.amazonaws.com/yum/amazon/2023/libmongocrypt/1.14/x86_64
 gpgcheck=1
 enabled=1
 gpgkey=https://pgp.mongodb.com/libmongocrypt.asc
@@ -210,7 +210,7 @@ Create the file `/etc/yum.repos.d/libmongocrypt.repo` with contents:
 ```
 [libmongocrypt]
 name=libmongocrypt repository
-baseurl=https://libmongocrypt.s3.amazonaws.com/yum/amazon/2/libmongocrypt/1.13/x86_64
+baseurl=https://libmongocrypt.s3.amazonaws.com/yum/amazon/2/libmongocrypt/1.14/x86_64
 gpgcheck=1
 enabled=1
 gpgkey=https://pgp.mongodb.com/libmongocrypt.asc
@@ -229,7 +229,7 @@ Create the file `/etc/yum.repos.d/libmongocrypt.repo` with contents:
 ```
 [libmongocrypt]
 name=libmongocrypt repository
-baseurl=https://libmongocrypt.s3.amazonaws.com/yum/amazon/2013.03/libmongocrypt/1.13/x86_64
+baseurl=https://libmongocrypt.s3.amazonaws.com/yum/amazon/2013.03/libmongocrypt/1.14/x86_64
 gpgcheck=1
 enabled=1
 gpgkey=https://pgp.mongodb.com/libmongocrypt.asc
@@ -252,7 +252,7 @@ sudo rpm --import https://pgp.mongodb.com/libmongocrypt.asc
 Second, add the repository (be sure to change `<release>` to `12` or `15`, as appropriate to your system):
 
 ```
-sudo zypper addrepo --gpgcheck "https://libmongocrypt.s3.amazonaws.com/zypper/suse/<release>/libmongocrypt/1.13/x86_64" libmongocrypt
+sudo zypper addrepo --gpgcheck "https://libmongocrypt.s3.amazonaws.com/zypper/suse/<release>/libmongocrypt/1.14/x86_64" libmongocrypt
 ```
 
 Finally, install the libmongocrypt packages:

data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst

@@ -1,6 +1,13 @@
 Changelog
 =========
 
+Changes in Version 1.13.0
+-------------------------
+
+- Bundle libmongocrypt 1.13.1 in release wheels.
+- Add support for the ``key_expiration_ms`` option to ``MongoCryptOptions``.
+- Add support for ``$lookup`` in CSFLE and QE.
+
 Changes in Version 1.12.0
 -------------------------
 

data/ext/libmongocrypt/libmongocrypt/bindings/python/CONTRIBUTING.md

@@ -0,0 +1,34 @@
+# Contributing to PyMongoCrypt
+
+## Asyncio considerations
+PyMongoCrypt adds asyncio capability by modifying the source files in */asynchronous to */synchronous using [unasync](https://github.com/python-trio/unasync/) and some custom transforms.
+
+Where possible, edit the code in `*/asynchronous/*.py` and not the synchronous files. You can run `pre-commit run --all-files synchro` before running tests if you are testing synchronous code.
+
+To prevent the synchro hook from accidentally overwriting code, it first checks to see whether a sync version of a file is changing and not its async counterpart, and will fail. In the unlikely scenario that you want to override this behavior, first export `OVERRIDE_SYNCHRO_CHECK=1`.
+
+Sometimes, the synchro hook will fail and introduce changes many previously unmodified files. This is due to static Python errors, such as missing imports, incorrect syntax, or other fatal typos. To resolve these issues, run `pre-commit run --all-files --hook-stage manual ruff` and fix all reported errors before running the synchro hook again.
+
+## Updating the libmongocrypt bindings
+
+To update the libmongocrypt bindings in `pymongocrypt/binding.py`, run the following script:
+
+```bash
+python scripts/update_binding.py
+```
+
+## Update the bundled version of libmongocrypt
+
+To update the bundled version of libmongocrypt, run the following script:
+
+```bash
+bash script/update-version.sh <new-version>
+```
+
+This will set the version in `scripts/libmongocrypt-version.sh` and update `sbom.json` to reflect
+the new vendored version of `libmongocrypt`.
+
+## Building wheels
+
+To build wheels, run `scripts/release.sh`.  It will build the appropriate wheel for the current system
+on Windows and MacOS.  If docker is available on Linux or MacOS, it will build the manylinux wheels.

data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py

@@ -46,7 +46,7 @@ class AsyncMongoCryptCallback(ABC):
           - `filter`: The filter to pass to listCollections.
 
         :Returns:
-          The first document from the listCollections command response as BSON.
+          The all or first document from the listCollections command response as BSON.
         """
 
     @abstractmethod
@@ -125,7 +125,11 @@ async def run_state_machine(ctx, callback):
             list_colls_filter = ctx.mongo_operation()
             coll_info = await callback.collection_info(ctx.database, list_colls_filter)
             if coll_info:
-                ctx.add_mongo_operation_result(coll_info)
+                if isinstance(coll_info, list):
+                    for i in coll_info:
+                        ctx.add_mongo_operation_result(i)
+                else:
+                    ctx.add_mongo_operation_result(coll_info)
             ctx.complete_mongo_operation()
         elif state == lib.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS:
             mongocryptd_cmd = ctx.mongo_operation()

data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py

@@ -29,9 +29,10 @@ def _parse_version(version):
 
 ffi = cffi.FFI()
 
-# Generated with strip_header.py
+# Start embedding from update_binding.py
 ffi.cdef(
-    """/*
+    """
+/*
  * Copyright 2019-present MongoDB, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -323,6 +324,16 @@ bool mongocrypt_setopt_log_handler(mongocrypt_t *crypt, mongocrypt_log_fn_t log_
  */
 bool mongocrypt_setopt_retry_kms(mongocrypt_t *crypt, bool enable);
 
+/**
+ * Enable support for multiple collection schemas. Required to support $lookup.
+ *
+ * @param[in] crypt The @ref mongocrypt_t object.
+ * @pre @ref mongocrypt_init has not been called on @p crypt.
+ * @returns A boolean indicating success. If false, an error status is set.
+ * Retrieve it with @ref mongocrypt_ctx_status
+ */
+bool mongocrypt_setopt_enable_multiple_collinfo(mongocrypt_t *crypt);
+
 /**
  * Configure an AWS KMS provider on the @ref mongocrypt_t object.
  *
@@ -1466,8 +1477,13 @@ bool mongocrypt_setopt_key_expiration(mongocrypt_t *crypt, uint64_t cache_expira
 
 /// String constants for setopt_query_type
 // DEPRECATED: Support "rangePreview" has been removed in favor of "range".
+/// NOTE: "substringPreview" is experimental and may be removed in a future non-major release.
+/// NOTE: "suffixPreview" is experimental and may be removed in a future non-major release.
+/// NOTE: "prefixPreview" is experimental and may be removed in a future non-major release.
+
 """
 )
+# End embedding from update_binding.py
 
 
 def _to_string(cdata):

data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py

@@ -96,6 +96,9 @@ class MongoCrypt:
         if self.__opts.bypass_query_analysis:
             lib.mongocrypt_setopt_bypass_query_analysis(self.__crypt)
 
+        if self.__opts.enable_multiple_collinfo:
+            lib.mongocrypt_setopt_enable_multiple_collinfo(self.__crypt)
+
         # Prefer using the native crypto binding when we know it's available.
         try:
             crypto_available = lib.mongocrypt_is_crypto_available()
@@ -149,10 +152,15 @@ class MongoCrypt:
         if any([on_demand_aws, on_demand_gcp, on_demand_azure]):
             lib.mongocrypt_setopt_use_need_kms_credentials_state(self.__crypt)
 
-        # Enable KMS retry when available, libmongocrypt >= 1.12.0,
+        # Enable KMS retry and key_expiration_ms when available, libmongocrypt >= 1.12.0,
         try:
             if not lib.mongocrypt_setopt_retry_kms(self.__crypt, True):
                 self.__raise_from_status()
+            if self.__opts.key_expiration_ms is not None:
+                if not lib.mongocrypt_setopt_key_expiration(
+                    self.__crypt, self.__opts.key_expiration_ms
+                ):
+                    self.__raise_from_status()
         except AttributeError:
             # libmongocrypt < 1.12
             pass

data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py

@@ -11,6 +11,8 @@ class MongoCryptOptions:
         crypt_shared_lib_path=None,
         crypt_shared_lib_required=False,
         bypass_encryption=False,
+        key_expiration_ms=None,
+        enable_multiple_collinfo=False,
     ):
         """Options for :class:`MongoCrypt`.
 
@@ -53,6 +55,11 @@ class MongoCryptOptions:
           - `crypt_shared_lib_required`: Whether to require a crypt_shared
             library.
           - `bypass_encryption`: Whether to bypass encryption.
+          - `key_expiration_ms` (int): The cache expiration time for data
+            encryption keys. Defaults to 60000. 0 means keys never expire.
+
+        .. versionadded:: 1.13
+           Added the ``key_expiration_ms`` parameter.
 
         .. versionremoved:: 1.11
            Removed the ``enable_range_v2`` parameter.
@@ -136,6 +143,11 @@ class MongoCryptOptions:
             encrypted_fields_map, bytes
         ):
             raise TypeError("encrypted_fields_map must be bytes or None")
+        if key_expiration_ms is not None:
+            if not isinstance(key_expiration_ms, int):
+                raise TypeError("key_expiration_ms must be int or None")
+            if key_expiration_ms < 0:
+                raise ValueError("key_expiration_ms must be >=0 or None")
 
         self.kms_providers = kms_providers
         self.schema_map = schema_map
@@ -144,6 +156,8 @@ class MongoCryptOptions:
         self.crypt_shared_lib_path = crypt_shared_lib_path
         self.crypt_shared_lib_required = crypt_shared_lib_required
         self.bypass_encryption = bypass_encryption
+        self.key_expiration_ms = key_expiration_ms
+        self.enable_multiple_collinfo = enable_multiple_collinfo
 
 
 class ExplicitEncryptOpts:

data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py

@@ -46,7 +46,7 @@ class MongoCryptCallback(ABC):
           - `filter`: The filter to pass to listCollections.
 
         :Returns:
-          The first document from the listCollections command response as BSON.
+          The all or first document from the listCollections command response as BSON.
         """
 
     @abstractmethod
@@ -125,7 +125,11 @@ def run_state_machine(ctx, callback):
             list_colls_filter = ctx.mongo_operation()
             coll_info = callback.collection_info(ctx.database, list_colls_filter)
             if coll_info:
-                ctx.add_mongo_operation_result(coll_info)
+                if isinstance(coll_info, list):
+                    for i in coll_info:
+                        ctx.add_mongo_operation_result(i)
+                else:
+                    ctx.add_mongo_operation_result(coll_info)
             ctx.complete_mongo_operation()
         elif state == lib.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS:
             mongocryptd_cmd = ctx.mongo_operation()

data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py

@@ -12,6 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-__version__ = "1.13.0.dev0"
+__version__ = "1.14.0.dev0"
 
 _MIN_LIBMONGOCRYPT_VERSION = "1.8.0"

data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json

@@ -1,31 +1,31 @@
 {
   "components": [
     {
-      "bom-ref": "pkg:github/mongodb/libmongocrypt@1.12.0",
+      "bom-ref": "pkg:github/mongodb/libmongocrypt@1.13.1",
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://github.com/mongodb/libmongocrypt/archive/refs/tags/1.12.0.tar.gz"
+          "url": "https://github.com/mongodb/libmongocrypt/archive/refs/tags/1.13.1.tar.gz"
         },
         {
           "type": "website",
-          "url": "https://github.com/mongodb/libmongocrypt/tree/1.12.0"
+          "url": "https://github.com/mongodb/libmongocrypt/tree/1.13.1"
         }
       ],
       "group": "mongodb",
       "name": "libmongocrypt",
-      "purl": "pkg:github/mongodb/libmongocrypt@1.12.0",
+      "purl": "pkg:github/mongodb/libmongocrypt@1.13.1",
       "type": "library",
-      "version": "1.12.0"
+      "version": "1.13.1"
     }
   ],
   "dependencies": [
     {
-      "ref": "pkg:github/mongodb/libmongocrypt@1.12.0"
+      "ref": "pkg:github/mongodb/libmongocrypt@1.13.1"
     }
   ],
   "metadata": {
-    "timestamp": "2024-12-30T18:25:06.574241+00:00",
+    "timestamp": "2025-04-01T19:53:54.393395+00:00",
     "tools": [
       {
         "externalReferences": [
@@ -68,7 +68,7 @@
       }
     ]
   },
-  "serialNumber": "urn:uuid:5e81b4d2-1313-43dd-9ec0-b958d0d71bca",
+  "serialNumber": "urn:uuid:a5e0a753-031f-43e3-ac20-f39b878c46e1",
   "version": 1,
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",

data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/libmongocrypt-version.txt

@@ -0,0 +1 @@
+1.13.1

data/ext/libmongocrypt/libmongocrypt/bindings/python/{release.sh → scripts/release.sh}

@@ -15,14 +15,19 @@
 set -o xtrace   # Write all commands first to stderr
 set -o errexit  # Exit the script with error if any of the commands fail
 
+SCRIPT_DIR=$(dirname ${BASH_SOURCE:-$0})
+
 # The libmongocrypt git revision release to embed in our wheels.
-LIBMONGOCRYPT_VERSION=$(cat ./libmongocrypt-version.txt)
+LIBMONGOCRYPT_VERSION=$(cat $SCRIPT_DIR/libmongocrypt-version.txt)
 REVISION=$(git rev-list -n 1 $LIBMONGOCRYPT_VERSION)
 # The libmongocrypt release branch.
-BRANCH="r1.12"
+MINOR_VERSION=$(echo $LIBMONGOCRYPT_VERSION | cut -d. -f1,2)
+BRANCH="r${MINOR_VERSION}"
 # The python executable to use.
 PYTHON=${PYTHON:-python}
 
+pushd $SCRIPT_DIR/..
+
 # Clean slate.
 rm -rf dist .venv build libmongocrypt pymongocrypt/*.so pymongocrypt/*.dll pymongocrypt/*.dylib
 
@@ -48,7 +53,7 @@ function build_wheel() {
 function build_manylinux_wheel() {
     python -m pip install unasync
     docker pull $1
-    docker run --rm -v `pwd`:/python $1 /python/build-manylinux-wheel.sh
+    docker run --rm -v `pwd`:/python $1 /python/scripts/build-manylinux-wheel.sh
     # Sudo is needed to remove the files created by docker.
     sudo rm -rf build libmongocrypt pymongocrypt/*.so pymongocrypt/*.dll pymongocrypt/*.dylib
 }
@@ -126,3 +131,4 @@ if [ $(command -v docker) ]; then
 fi
 
 ls -ltr dist
+popd

data/ext/libmongocrypt/libmongocrypt/bindings/python/{synchro.py → scripts/synchro.py}

@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import os
+import sys
 from os import listdir
 from pathlib import Path
 
@@ -27,12 +29,14 @@ replacements = {
     "aclose": "close",
 }
 
-_base = "pymongocrypt"
+ROOT = Path(__file__).absolute().parent.parent
+
+_base = ROOT / "pymongocrypt"
 
 async_files = [
-    f"./{_base}/asynchronous/{f}"
-    for f in listdir("pymongocrypt/asynchronous")
-    if (Path(_base) / "asynchronous" / f).is_file()
+    f"{_base}/asynchronous/{f}"
+    for f in listdir(f"{_base}/asynchronous")
+    if (_base / "asynchronous" / f).is_file()
 ]
 
 
@@ -40,20 +44,23 @@ unasync_files(
     async_files,
     [
         Rule(
-            fromdir="/pymongocrypt/asynchronous/",
-            todir="/pymongocrypt/synchronous/",
+            fromdir=f"{_base}/asynchronous/",
+            todir=f"{_base}/synchronous/",
             additional_replacements=replacements,
         )
     ],
 )
 
 sync_files = [
-    f"./{_base}/synchronous/{f}"
-    for f in listdir("pymongocrypt/synchronous")
-    if (Path(_base) / "synchronous" / f).is_file()
+    f"{_base}/synchronous/{f}"
+    for f in listdir(f"{_base}/synchronous")
+    if (_base / "synchronous" / f).is_file()
 ]
 
+modified_files = [f"./{f}" for f in sys.argv[1:]]
 for file in sync_files:
+    if file in modified_files and "OVERRIDE_SYNCHRO_CHECK" not in os.environ:
+        raise ValueError(f"Refusing to overwrite {file}")
     with open(file, "r+") as f:
         lines = f.readlines()
         for i in range(len(lines)):

data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/synchro.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -eu
+
+SCRIPT_DIR=$(dirname ${BASH_SOURCE:-$0})
+
+python $SCRIPT_DIR/synchro.py "$@"
+python -m ruff check $SCRIPT_DIR/../pymongocrypt/synchronous --fix --silent