fix: invalid order of TLS shutdown operations

Resolves: #808465

openldap-tls-unbind-shutdown-order.patch

@@ -0,0 +1,37 @@
+unbind: free socket prior to destroying TLS context
+
+Author: Jan Vcelak <jvcelak@redhat.com>
+Resolves: #808464
+Upstream ITS: #7241
+Upstream commit: 221531b31a02c162c60c7d4491169855454c1ee0
+
+---
+ libraries/libldap/unbind.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libraries/libldap/unbind.c b/libraries/libldap/unbind.c
+index 35a92a8..82bc12d 100644
+--- a/libraries/libldap/unbind.c
++++ b/libraries/libldap/unbind.c
+@@ -129,6 +129,9 @@ ldap_ld_free(
+ 		ld->ld_abandoned = NULL;
+ 	}
+ 	LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
++
++	ber_sockbuf_free( ld->ld_sb );
++
+ 	LDAP_MUTEX_LOCK( &ld->ld_ldopts_mutex );
+ 
+ 	/* final close callbacks */
+@@ -217,8 +220,6 @@ ldap_ld_free(
+ 	}
+ 	LDAP_MUTEX_UNLOCK( &ld->ld_ldopts_mutex );
+ 
+-	ber_sockbuf_free( ld->ld_sb );   
+-   
+ #ifdef LDAP_R_COMPILE
+ 	ldap_pvt_thread_mutex_destroy( &ld->ld_msgid_mutex );
+ 	ldap_pvt_thread_mutex_destroy( &ld->ld_conn_mutex );
+-- 
+1.7.10.4
+

openldap.spec

@@ -40,6 +40,7 @@ Patch8: openldap-syncrepl-unset-tls-options.patch
 Patch9: openldap-constraint-count.patch
 Patch10: openldap-man-sasl-nocanon.patch
 Patch11: openldap-nss-allow-ca-dbdir-pemfile.patch
+Patch12: openldap-tls-unbind-shutdown-order.patch
 
 # Fedora specific patches
 Patch100: openldap-fedora-systemd.patch
@@ -147,6 +148,7 @@ pushd openldap-%{version}
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 
 %patch100 -p1
 
@@ -660,6 +662,7 @@ exit 0
 %changelog
 * Wed Jun 27 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-3
 - update fix: count constraint broken when using multiple modifications (#795766)
+- fix: invalid order of TLS shutdown operations (#808464)
 
 * Fri May 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-2
 - fix: nss-tools package is required by the base package, not the server subpackage