From bbb219468264e97c079d2c94032754b77da86dc2 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Mon, 11 Oct 2021 20:07:33 +0000
Subject: [PATCH] Update for 2.5.8-1

---
 debian/changelog             |  6 +++
 debian/patches/ITS6467.patch | 24 -----------
 debian/patches/ITS9696.patch | 84 ------------------------------------
 debian/patches/series        |  2 -
 4 files changed, 6 insertions(+), 110 deletions(-)
 delete mode 100644 debian/patches/ITS6467.patch
 delete mode 100644 debian/patches/ITS9696.patch

diff --git a/debian/changelog b/debian/changelog
index af021ef0b1..17a918abd2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+symas-openldap (2.5.8-1bionic1) bionic; urgency=medium
+
+  * OpenLDAP 2.5.7 release
+
+ -- Symas Support <support@symas.com>  Mon, 11 Oct 2021 18:59:27 +0000
+
 symas-openldap (2.5.7-2bionic1) bionic; urgency=medium
 
   * Fix memory leak in sessionlog parsing (ITS#6467)
diff --git a/debian/patches/ITS6467.patch b/debian/patches/ITS6467.patch
deleted file mode 100644
index 1b3bdaa7c6..0000000000
--- a/debian/patches/ITS6467.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From a00ec090bdcdfdb390ace2238f581ad147e5974f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
-Date: Tue, 1 Jun 2021 13:56:58 +0100
-Subject: [PATCH] ITS#6467 Free uuid list after we're finished
-
----
- servers/slapd/overlays/syncprov.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
-index 3ec8e5a24..5eba1b3ff 100644
---- a/servers/slapd/overlays/syncprov.c
-+++ b/servers/slapd/overlays/syncprov.c
-@@ -2334,6 +2334,7 @@ syncprov_play_accesslog( Operation *op, SlapReply *rs, sync_control *srs,
- 
- 	rc = fop.o_bd->be_search( &fop, &frs );
- 
-+	ldap_avl_free( uuid_progress.uuids, NULL );
- 	fop.o_tmpfree( uuid_progress.uuid_buf, fop.o_tmpmemctx );
- 	fop.o_tmpfree( uuid_progress.uuid_list, fop.o_tmpmemctx );
- 	fop.o_tmpfree( fop.ors_filterstr.bv_val, fop.o_tmpmemctx );
--- 
-2.33.0
-
diff --git a/debian/patches/ITS9696.patch b/debian/patches/ITS9696.patch
deleted file mode 100644
index e0482beed9..0000000000
--- a/debian/patches/ITS9696.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 927e0ec6eca606aee03a948bf5a8ea0f9ec46e20 Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc@openldap.org>
-Date: Wed, 15 Sep 2021 13:03:13 +0100
-Subject: [PATCH] ITS#9696 plug peercert memleak
-
----
- libraries/libldap/tls_o.c | 31 +++++++++++++++++++++----------
- 1 file changed, 21 insertions(+), 10 deletions(-)
-
-diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
-index 92f70afc6..a2273b02e 100644
---- a/libraries/libldap/tls_o.c
-+++ b/libraries/libldap/tls_o.c
-@@ -1032,9 +1032,11 @@ tlso_session_endpoint( tls_session *sess, struct berval *buf, int is_server )
- 		md = EVP_sha256();
- 
- 	if ( !X509_digest( cert, md, (unsigned char *) (buf->bv_val), &md_len ))
--		return 0;
-+		md_len = 0;
- 
- 	buf->bv_len = md_len;
-+	if ( !is_server )
-+		X509_free( cert );
- 
- 	return md_len;
- }
-@@ -1057,15 +1059,19 @@ static int
- tlso_session_peercert( tls_session *sess, struct berval *der )
- {
- 	tlso_session *s = (tlso_session *)sess;
--	unsigned char *ptr;
-+	int ret = -1;
- 	X509 *x = SSL_get_peer_certificate(s);
--	der->bv_len = i2d_X509(x, NULL);
--	der->bv_val = LDAP_MALLOC(der->bv_len);
--	if ( !der->bv_val )
--		return -1;
--	ptr = (unsigned char *) (der->bv_val);
--	i2d_X509(x, &ptr);
--	return 0;
-+	if ( x ) {
-+		der->bv_len = i2d_X509(x, NULL);
-+		der->bv_val = LDAP_MALLOC(der->bv_len);
-+		if ( der->bv_val ) {
-+			unsigned char *ptr = (unsigned char *) (der->bv_val);
-+			i2d_X509(x, &ptr);
-+			ret = 0;
-+		}
-+		X509_free( x );
-+	}
-+	return ret;
- }
- 
- static int
-@@ -1078,13 +1084,17 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
- 	X509 *cert = SSL_get_peer_certificate(s);
- 	int len, rc = LDAP_SUCCESS;
- 
-+	if ( !cert )
-+		return -1;
-+
- 	len = i2d_X509_PUBKEY( X509_get_X509_PUBKEY(cert), NULL );
- 
- 	tmp = LDAP_MALLOC( len );
- 	key.bv_val = (char *) tmp;
- 
- 	if ( !key.bv_val ) {
--		return -1;
-+		rc = -1;
-+		goto done;
- 	}
- 
- 	key.bv_len = i2d_X509_PUBKEY( X509_get_X509_PUBKEY(cert), &tmp );
-@@ -1138,6 +1148,7 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
- 
- done:
- 	LDAP_FREE( key.bv_val );
-+	X509_free( cert );
- 	return rc;
- }
- 
--- 
-2.33.0
-
diff --git a/debian/patches/series b/debian/patches/series
index d28a0abbfc..0a83498db7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,3 @@
 Install-slapd-watcher.patch
 passwd.patch
 ITS9616.patch
-ITS6467.patch
-ITS9696.patch
-- 
GitLab