diff --git a/openldap-tls-unbind-shutdown-order.patch b/openldap-tls-unbind-shutdown-order.patch
new file mode 100644
index 0000000..60162f7
--- /dev/null
+++ b/openldap-tls-unbind-shutdown-order.patch
@@ -0,0 +1,37 @@
+unbind: free socket prior to destroying TLS context
+
+Author: Jan Vcelak
+Resolves: #808464
+Upstream ITS: #7241
+Upstream commit: 221531b31a02c162c60c7d4491169855454c1ee0
+
+---
+ libraries/libldap/unbind.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libraries/libldap/unbind.c b/libraries/libldap/unbind.c
+index 35a92a8..82bc12d 100644
+--- a/libraries/libldap/unbind.c
++++ b/libraries/libldap/unbind.c
+@@ -129,6 +129,9 @@ ldap_ld_free(
+ ld->ld_abandoned = NULL;
+ }
+ LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
++
++ ber_sockbuf_free( ld->ld_sb );
++
+ LDAP_MUTEX_LOCK( &ld->ld_ldopts_mutex );
+
+ /* final close callbacks */
+@@ -217,8 +220,6 @@ ldap_ld_free(
+ }
+ LDAP_MUTEX_UNLOCK( &ld->ld_ldopts_mutex );
+
+- ber_sockbuf_free( ld->ld_sb );
+-
+ #ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_destroy( &ld->ld_msgid_mutex );
+ ldap_pvt_thread_mutex_destroy( &ld->ld_conn_mutex );
+--
+1.7.10.4
+
diff --git a/openldap.spec b/openldap.spec
index 3c8dbbc..aebaa3c 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -40,6 +40,7 @@ Patch8: openldap-syncrepl-unset-tls-options.patch Patch9: openldap-constraint-count.patch Patch10: openldap-man-sasl-nocanon.patch Patch11: openldap-nss-allow-ca-dbdir-pemfile.patch +Patch12: openldap-tls-unbind-shutdown-order.patch # Fedora specific patches Patch100: openldap-fedora-systemd.patch
@@ -147,6 +148,7 @@ pushd openldap-%{version} %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %patch100 -p1
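Review bot: In the nested libraries/libldap/unbind.c patch, `ld->ld_sb` is left pointing at freed memory once `ber_sockbuf_free( ld->ld_sb );` moves up to the first hunk, and the "final close callbacks" block plus roughly ninety lines of option teardown now run after it. That stretch lies between the two hunks and is not shown, so whether anything there still reaches the sockbuf needs checking against the full function; if nothing does, `ld->ld_sb = NULL;` directly after the free would make any later stray access fail visibly rather than read freed memory. The ordering is also the whole point of the fix yet nothing in the code records it, so a comment on the moved call such as `/* free the socket before the TLS context is destroyed below (ITS#7241) */` would keep a later cleanup from moving it back. ldap_ld_free begins and ends outside both hunks.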
@@ -660,6 +662,7 @@ exit 0 %changelog * Wed Jun 27 2012 Jan Vcelak 2.4.31-3 - update fix: count constraint broken when using multiple modifications (#795766) +- fix: invalid order of TLS shutdown operations (#808464) * Fri May 18 2012 Jan Vcelak 2.4.31-2 - fix: nss-tools package is required by the base package, not the server subpackage