diff --git a/openldap-libldap-fix-double-sb_close-when-first-TLS.patch b/openldap-libldap-fix-double-sb_close-when-first-TLS.patch
new file mode 100644
index 0000000..95ce55b
--- /dev/null
+++ b/openldap-libldap-fix-double-sb_close-when-first-TLS.patch
@@ -0,0 +1,25 @@
+From 2b842a7eed3c299659bf7ede341fc1d6d281b603 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Florin=20Cri=C8=99an?=
+Date: Wed, 20 Sep 2023 16:06:09 +0300
+Subject: [PATCH] ITS#10101 libldap: fix double sb_close when first TLS
+ connection fails
+
+---
+ libraries/libldap/open.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
+index f1c7b9d031..b90b3ca181 100644
+--- a/libraries/libldap/open.c
++++ b/libraries/libldap/open.c
+@@ -480,6 +480,7 @@ ldap_int_open_connection(
+ LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
+ }
+ ber_int_sb_close( conn->lconn_sb );
++ ber_int_sb_destroy( conn->lconn_sb );
+ return -1;
+ }
+ }
+--
+2.47.1
+
diff --git a/openldap-plug-descriptor-leak-if-ldaps-connect-fails.patch b/openldap-plug-descriptor-leak-if-ldaps-connect-fails.patch
new file mode 100644
index 0000000..2c68e6f
--- /dev/null
+++ b/openldap-plug-descriptor-leak-if-ldaps-connect-fails.patch
@@ -0,0 +1,24 @@
+From a64febc5c646952773e6195ab1ec54ef63deb73a Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Sat, 11 Jan 2020 04:16:01 +0000
+Subject: [PATCH 001/336] ITS#9147 plug descriptor leak if ldaps connect fails
+
+---
+ libraries/libldap/open.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
+index 4e0f9f8028..cde157b079 100644
+--- a/libraries/libldap/open.c
++++ b/libraries/libldap/open.c
+@@ -476,6 +476,7 @@ ldap_int_open_connection(
+ }
+ LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
+ }
++ ber_int_sb_close( conn->lconn_sb );
+ return -1;
+ }
+ }
+--
+2.47.1
+
diff --git a/openldap.spec b/openldap.spec
index 2e0077a..04ffb8e 100644
--- a/openldap.spec
+++ b/openldap.spec
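Review bot: The backported patch in openldap-libldap-fix-double-sb_close-when-first-TLS.patch has an empty message body, so neither the header nor the new `ber_int_sb_destroy( conn->lconn_sb );` line records why a destroy must follow the close on this failure path. Going only by the subject, the sockbuf was presumably closed a second time later on; the header deserves one sentence saying so, for example `Backport of upstream 2b842a7eed3c (ITS#10101): after a failed TLS start the sockbuf must also be destroyed, otherwise it is closed a second time later.` ldap_int_open_connection begins and ends outside the nested hunk, so what happens to conn->lconn_sb after the `return -1` cannot be checked from here.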
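Review bot: On its own, the `ber_int_sb_close( conn->lconn_sb );` added by openldap-plug-descriptor-leak-if-ldaps-connect-fails.patch looks like the call that makes the later double close possible, because the ITS#10101 patch uses exactly this line as context and appends `ber_int_sb_destroy` right after it. A repeated close of a descriptor is more than untidy in a threaded client: the descriptor number can be handed out again in between, and the second close then lands on an unrelated socket or file. The two patches should therefore be recorded as an ordered, inseparable pair, for instance with a spec comment above Patch68 such as `# ITS#9147 + ITS#10101: keep together, apply 68 before 69`. Only part of the enclosing function is visible in the nested hunk.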
@@ -5,7 +5,7 @@ Name: openldap Version: 2.4.46 -Release: 20%{?dist} +Release: 21%{?dist} Summary: LDAP support libraries License: OpenLDAP URL: http://www.openldap.org/ @@ -61,6 +61,8 @@ Patch64: openldap-change-TLS_REQSAN-default-to-TRY.patch Patch65: openldap-cbinding-fix-openssl-digest.patch Patch66: 0001-ITS-9904-ldap_url_parsehosts-check-for-strdup-failur.patch Patch67: 0001-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch +Patch68: openldap-plug-descriptor-leak-if-ldaps-connect-fails.patch +Patch69: openldap-libldap-fix-double-sb_close-when-first-TLS.patch # check-password module specific patches Patch90: check-password-makefile.patch @@ -159,6 +161,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch65 -p1 %patch66 -p1 %patch67 -p1 +%patch68 -p1 +%patch69 -p1 # build smbk5pwd with other overlays ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays @@ -528,6 +532,10 @@ exit 0 %{_mandir}/man3/* %changelog +* Fri Jan 24 2024 Simon Pichugin - 2.4.46-21 +- Bump version to 2.4.46-21 +- Resolves: RHEL-75823 - Fix double file close when first TLS connection fails + * Wed Jul 3 2024 Simon Pichugin - 2.4.46-20 - Bump version to 2.4.46-20 - Resolves: RHEL-35538 - Fix OpenSSL channel binding digest
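Review bot: The new changelog header `* Fri Jan 24 2024` carries a date that does not match its weekday (24 January 2024 was a Wednesday) and is older than the `Wed Jul 3 2024` entry below it, so the entries are no longer in descending order; rpmbuild is likely to complain about a bogus or out-of-order date. 24 January 2025 was a Friday, so the intended line is probably `* Fri Jan 24 2025 Simon Pichugin - 2.4.46-21`. The entry also mentions only the double-close fix, while the descriptor-leak backport added as Patch68 (ITS#9147) would deserve a line of its own.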