diff --git a/openldap-nss-pk11-freeslot.patch b/openldap-nss-pk11-freeslot.patch new file mode 100644 index 0000000..9ac541d --- /dev/null +++ b/openldap-nss-pk11-freeslot.patch @@ -0,0 +1,27 @@ +Resolves: #929357 + +From 6330d1b87a45b447f33fe8ffd6fbbce9e60bb0ec Mon Sep 17 00:00:00 2001 +From: Rich Megginson +Date: Thu, 28 Mar 2013 19:05:02 -0600 +Subject: [PATCH] must call PK11_FreeSlot after SECMOD_CloseUserDB to remove ref to slot + +--- + libraries/libldap/tls_m.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c +index 072d41d..c59d303 100644 +--- a/libraries/libldap/tls_m.c ++++ b/libraries/libldap/tls_m.c +@@ -2063,6 +2063,8 @@ tlsm_ctx_free ( tls_ctx *ctx ) + "TLS: could not close certdb slot - error %d:%s.\n", + errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + } ++ PK11_FreeSlot( c->tc_certdb_slot ); ++ c->tc_certdb_slot = NULL; + } + PL_strfree( c->tc_pin_file ); + c->tc_pin_file = NULL; +-- +1.7.1 + diff --git a/openldap.spec b/openldap.spec index 2aee1b6..a2d4c26 100644 --- a/openldap.spec +++ b/openldap.spec @@ -46,6 +46,7 @@ Patch12: openldap-tls-no-reuse-of-tls_session.patch Patch13: openldap-nss-regex-search-hashed-cacert-dir.patch Patch14: openldap-nss-ignore-certdb-type-prefix.patch Patch15: openldap-nss-certs-from-certdb-fallback-pem.patch +Patch16: openldap-nss-pk11-freeslot.patch # Fedora specific patches Patch100: openldap-autoconf-pkgconfig-nss.patch @@ -164,6 +165,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 %patch102 -p1 @@ -647,6 +649,7 @@ exit 0 * Tue Apr 02 2013 Jan Synáček 2.4.35-1 - new upstream release (#947235) - fix: slapd.service should ensure that network is up before starting (#946921) +- fix: NSS related resource leak (#929357) * Mon Mar 18 2013 Jan Synáček 2.4.34-2 - fix: syncrepl push DELETE operation does not recover (#920482)