From 31026088da807ac30c51b663d78bea818de583f4 Mon Sep 17 00:00:00 2001 From: Jan Vcelak Date: Mon, 13 Feb 2012 13:07:11 +0100 Subject: [PATCH] new upstream release (2.4.29) --- .gitignore | 1 + openldap-nss-deferred-init-copy-params.patch | 125 ------------------- openldap-nss-segfault-key-not-set.patch | 22 ---- openldap.spec | 18 +-- sources | 2 +- 5 files changed, 11 insertions(+), 157 deletions(-) delete mode 100644 openldap-nss-deferred-init-copy-params.patch delete mode 100644 openldap-nss-segfault-key-not-set.patch diff --git a/.gitignore b/.gitignore index 4199374..1aff779 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /openldap-2.4.28.tgz +/openldap-2.4.29.tgz diff --git a/openldap-nss-deferred-init-copy-params.patch b/openldap-nss-deferred-init-copy-params.patch deleted file mode 100644 index 7c45e92..0000000 --- a/openldap-nss-deferred-init-copy-params.patch +++ /dev/null 
@@ -1,125 +0,0 @@
-Replication (syncrepl) with TLS causes segfault
-
-Upstream ITS: #7136
-Upstrem commit: 4e9926ca9719a0dab8c780d3d2f4cf4bfc03bfdc
-Resolves: #783431
-Author: Jan Vcelak
-
-diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
-index da230c5..092b59f 100644
---- a/libraries/libldap/tls_m.c
-+++ b/libraries/libldap/tls_m.c
-@@ -1960,6 +1960,66 @@ tlsm_destroy( void )
- #endif
- }
-
-+static struct ldaptls *
-+tlsm_copy_config ( const struct ldaptls *config )
-+{
-+ struct ldaptls *copy;
-+
-+ assert(config);
-+
-+ copy = LDAP_MALLOC(sizeof(*copy));
-+ if (!copy)
-+ return NULL;
-+
-+ memset(copy, 0, sizeof(*copy));
-+
-+ if (config->lt_certfile)
-+ copy->lt_certfile = LDAP_STRDUP(config->lt_certfile);
-+ if (config->lt_keyfile)
-+ copy->lt_keyfile = LDAP_STRDUP(config->lt_keyfile);
-+ if (config->lt_dhfile)
-+ copy->lt_dhfile = LDAP_STRDUP(config->lt_dhfile);
-+ if (config->lt_cacertfile)
-+ copy->lt_cacertfile = LDAP_STRDUP(config->lt_cacertfile);
-+ if (config->lt_cacertdir)
-+ copy->lt_cacertdir = LDAP_STRDUP(config->lt_cacertdir);
-+ if (config->lt_ciphersuite)
-+ copy->lt_ciphersuite = LDAP_STRDUP(config->lt_ciphersuite);
-+ if (config->lt_crlfile)
-+ copy->lt_crlfile = LDAP_STRDUP(config->lt_crlfile);
-+ if (config->lt_randfile)
-+ copy->lt_randfile = LDAP_STRDUP(config->lt_randfile);
-+
-+ copy->lt_protocol_min = config->lt_protocol_min;
-+
-+ return copy;
-+}
-+
-+static void
-+tlsm_free_config ( struct ldaptls *config )
-+{
-+ assert(config);
-+
-+ if (config->lt_certfile)
-+ LDAP_FREE(config->lt_certfile);
-+ if (config->lt_keyfile)
-+ LDAP_FREE(config->lt_keyfile);
-+ if (config->lt_dhfile)
-+ LDAP_FREE(config->lt_dhfile);
-+ if (config->lt_cacertfile)
-+ LDAP_FREE(config->lt_cacertfile);
-+ if (config->lt_cacertdir)
-+ LDAP_FREE(config->lt_cacertdir);
-+ if (config->lt_ciphersuite)
-+ LDAP_FREE(config->lt_ciphersuite);
-+ if (config->lt_crlfile)
-+ LDAP_FREE(config->lt_crlfile);
-+ if (config->lt_randfile)
-+ LDAP_FREE(config->lt_randfile);
-+
-+ LDAP_FREE(config);
-+}
-+
- static tls_ctx *
- tlsm_ctx_new ( struct ldapoptions *lo )
- {
-@@ -1971,7 +2031,7 @@ tlsm_ctx_new ( struct ldapoptions *lo )
- #ifdef LDAP_R_COMPILE
- ldap_pvt_thread_mutex_init( &ctx->tc_refmutex );
- #endif
-- ctx->tc_config = &lo->ldo_tls_info; /* pointer into lo structure - must have global scope and must not go away before we can do real init */
-+ ctx->tc_config = NULL; /* populated later by tlsm_ctx_init */
- ctx->tc_certdb = NULL;
- ctx->tc_certname = NULL;
- ctx->tc_pin_file = NULL;
-@@ -2038,6 +2098,10 @@ tlsm_ctx_free ( tls_ctx *ctx )
- #ifdef LDAP_R_COMPILE
- ldap_pvt_thread_mutex_destroy( &c->tc_refmutex );
- #endif
-+
-+ if ( c->tc_config )
-+ tlsm_free_config( c->tc_config );
-+
- LDAP_FREE( c );
- }
-
-@@ -2048,6 +2112,7 @@ static int
- tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
- {
- tlsm_ctx *ctx = (tlsm_ctx *)lo->ldo_tls_ctx;
-+ ctx->tc_config = tlsm_copy_config(lt);
- ctx->tc_is_server = is_server;
-
- return 0;
-@@ -2067,7 +2132,7 @@ tlsm_deferred_ctx_init( void *arg )
-
- if ( tlsm_deferred_init( ctx ) ) {
- Debug( LDAP_DEBUG_ANY,
-- "TLS: could perform TLS system initialization.\n",
-+ "TLS: could not perform TLS system initialization.\n",
- 0, 0, 0 );
- return -1;
- }
-@@ -2333,6 +2398,9 @@ tlsm_deferred_ctx_init( void *arg )
- return -1;
- }
-
-+ tlsm_free_config( ctx->tc_config );
-+ ctx->tc_config = NULL;
-+
- return 0;
- }
-
diff --git a/openldap-nss-segfault-key-not-set.patch b/openldap-nss-segfault-key-not-set.patch
deleted file mode 100644
index 5511225..0000000
--- a/openldap-nss-segfault-key-not-set.patch
+++ /dev/null
@@ -1,22 +0,0 @@ -MozNSS + PEM: fix segfault when TLS certificate key is not set - -Upstream ITS: #7135 -Upstream commit: 1107103dd7e767db9c080b3276cb6e742fcf36a1 -Resolves: #772890 -Author: Jan Vcelak - -diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c -index 09348b7..da230c5 100644 ---- a/libraries/libldap/tls_m.c -+++ b/libraries/libldap/tls_m.c -@@ -2267,8 +2267,8 @@ tlsm_deferred_ctx_init( void *arg ) - } - } else { /* set up secure server */ - SSLKEAType certKEA; -- CERTCertificate *serverCert; -- SECKEYPrivateKey *serverKey; -+ CERTCertificate *serverCert = NULL; -+ SECKEYPrivateKey *serverKey = NULL; - SECStatus status; - - /* must have a certificate for the server to use */ diff --git a/openldap.spec b/openldap.spec index ed3d1c2..8ac6782 100644 --- a/openldap.spec +++ b/openldap.spec @@ -5,8 +5,8 @@ %global evolution_connector_libdir %{evolution_connector_prefix}/%{_lib} Name: openldap -Version: 2.4.28 -Release: 3%{?dist} +Version: 2.4.29 +Release: 1%{?dist} Summary: LDAP support libraries Group: System Environment/Daemons License: OpenLDAP @@ -33,8 +33,6 @@ Patch5: openldap-ldaprc-currentdir.patch Patch6: openldap-userconfig-setgid.patch Patch7: openldap-dns-priority.patch Patch8: openldap-syncrepl-unset-tls-options.patch -Patch9: openldap-nss-deferred-init-copy-params.patch -Patch10: openldap-nss-segfault-key-not-set.patch # Fedora specific patches Patch100: openldap-fedora-systemd.patch @@ -136,8 +134,6 @@ pushd openldap-%{version} %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 -%patch10 -p1 %patch100 -p1 @@ -386,9 +382,6 @@ rm -f %{buildroot}%{_libdir}/openldap/*.so rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example rmdir %{buildroot}%{_localstatedir}/openldap-data -%clean -rm -rf %{buildroot} - %post -p /sbin/ldconfig %postun -p /sbin/ldconfig 
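Review bot: Removing `Patch9` and `Patch10` in the `@@ -33,8 +33,6 @@` hunk, together with `%patch9`/`%patch10` in the `@@ -136,8 +134,6 @@` hunk, takes out two downstream crash fixes in the MozNSS TLS code (#783431 and #772890), and neither the commit message nor the new changelog entry says why. The deleted patch headers cite upstream commits 4e9926ca9719a0dab8c780d3d2f4cf4bfc03bfdc and 1107103dd7e767db9c080b3276cb6e742fcf36a1, so both are presumably contained in 2.4.29, but that is not shown here and should be confirmed against `libraries/libldap/tls_m.c` in the new tarball before the build ships. Once confirmed, I would record it in the changelog with a line such as `- remove patches merged upstream (#783431, #772890)`, so a reappearing slapd segfault can be traced to this rebase.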
@@ -653,6 +646,13 @@ exit 0 %{evolution_connector_prefix}/ %changelog +* Mon Feb 13 2012 Jan Vcelak 2.4.29-1 +- new upstream release + + MozNSS fixes + + connection handling fixes + + server: buxfixes in mdb backend + + server: buxfixes in overlays (syncrepl, meta, monitor, perl, sql, dds, rwm) + * Tue Jan 31 2012 Jan Vcelak 2.4.28-3 - fix: replication (syncrepl) with TLS causes segfault (#783431) - fix: slapd segfaults when PEM certificate is used and key is not set (#772890) diff --git a/sources b/sources index 3c387a0..d5bff83 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -196023e552eeb259e048edcd61a9645b openldap-2.4.28.tgz +9821ee7d3316c55030106589a6adb26e openldap-2.4.29.tgz