From d767805554581a287f9efb2223419dc8034cd670 Mon Sep 17 00:00:00 2001 From: anonymous_z Date: Mon, 28 Jun 2021 15:01:07 +0800 Subject: [PATCH 1/6] fix context entry delete failed. --- ...back-mdb-fix-delete-of-context-entry.patch | 117 ++++++++++++++++++ add-test-log.patch | 14 +++ openldap.spec | 12 +- 3 files changed, 142 insertions(+), 1 deletion(-) create mode 100644 ITS-9531-back-mdb-fix-delete-of-context-entry.patch create mode 100644 add-test-log.patch diff --git a/ITS-9531-back-mdb-fix-delete-of-context-entry.patch b/ITS-9531-back-mdb-fix-delete-of-context-entry.patch new file mode 100644 index 0000000..22be10a --- /dev/null +++ b/ITS-9531-back-mdb-fix-delete-of-context-entry.patch @@ -0,0 +1,117 @@ +From 0c90b8c0011fdb80fc2f8a2d7192f8b40217c7e3 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 26 Apr 2021 18:27:40 +0100 +Subject: [PATCH] ITS#9531 back-mdb: fix delete of context entry + Conflict:NA +Reference:https://git.openldap.org/openldap/openldap/commit/0c90b8c0011fdb80fc2f8a2d7192f8b40217c7e3 + We already checked if attempting to delete the suffix, but +didn't skip the parent check as we should have. +--- + servers/slapd/back-mdb/delete.c | 83 +++++++++++++++++---------------- + 1 file changed, 42 insertions(+), 41 deletions(-) + 
diff --git a/servers/slapd/back-mdb/delete.c b/servers/slapd/back-mdb/delete.c +index 7dab5ee8f1..12ec56d904 100644 +--- a/servers/slapd/back-mdb/delete.c ++++ b/servers/slapd/back-mdb/delete.c +@@ -71,57 +71,58 @@ mdb_delete( Operation *op, SlapReply *rs ) + slap_get_csn( op, &csn, 1 ); + } + +- if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { +- dnParent( &op->o_req_ndn, &pdn ); +- } +- + rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc ); + if ( rs->sr_err ) { + rs->sr_err = LDAP_OTHER; + rs->sr_text = "internal error"; + goto return_results; + } +- /* get parent */ +- rs->sr_err = mdb_dn2entry( op, txn, mc, &pdn, &p, NULL, 1 ); +- switch( rs->sr_err ) { +- case 0: +- case MDB_NOTFOUND: +- break; +- case LDAP_BUSY: +- rs->sr_text = "ldap server busy"; +- goto return_results; +- default: +- rs->sr_err = LDAP_OTHER; +- rs->sr_text = "internal error"; +- goto return_results; +- } +- if ( rs->sr_err == MDB_NOTFOUND ) { +- Debug( LDAP_DEBUG_ARGS, +- "<=- " LDAP_XSTRING(mdb_delete) ": no such object %s\n", +- op->o_req_dn.bv_val, 0, 0); + +- if ( p && !BER_BVISEMPTY( &p->e_name )) { +- rs->sr_matched = ch_strdup( p->e_name.bv_val ); +- if ( is_entry_referral( p )) { +- BerVarray ref = get_entry_referrals( op, p ); +- rs->sr_ref = referral_rewrite( ref, &p->e_name, +- &op->o_req_dn, LDAP_SCOPE_DEFAULT ); +- ber_bvarray_free( ref ); ++ if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { ++ dnParent( &op->o_req_ndn, &pdn ); ++ ++ /* get parent */ ++ rs->sr_err = mdb_dn2entry( op, txn, mc, &pdn, &p, NULL, 1 ); ++ switch( rs->sr_err ) { ++ case 0: ++ case MDB_NOTFOUND: ++ break; ++ case LDAP_BUSY: ++ rs->sr_text = "ldap server busy"; ++ goto return_results; ++ default: ++ rs->sr_err = LDAP_OTHER; ++ rs->sr_text = "internal error"; ++ goto return_results; ++ } ++ if ( rs->sr_err == MDB_NOTFOUND ) { ++ Debug( LDAP_DEBUG_ARGS, ++ "<=- " LDAP_XSTRING(mdb_delete) ": no such object %s\n", ++ op->o_req_dn.bv_val, 0, 0); ++ ++ if ( p && !BER_BVISEMPTY( &p->e_name )) { ++ 
rs->sr_matched = ch_strdup( p->e_name.bv_val ); ++ if ( is_entry_referral( p )) { ++ BerVarray ref = get_entry_referrals( op, p ); ++ rs->sr_ref = referral_rewrite( ref, &p->e_name, ++ &op->o_req_dn, LDAP_SCOPE_DEFAULT ); ++ ber_bvarray_free( ref ); ++ } else { ++ rs->sr_ref = NULL; ++ } + } else { +- rs->sr_ref = NULL; ++ rs->sr_ref = referral_rewrite( default_referral, NULL, ++ &op->o_req_dn, LDAP_SCOPE_DEFAULT ); ++ } ++ if ( p ) { ++ mdb_entry_return( op, p ); ++ p = NULL; + } +- } else { +- rs->sr_ref = referral_rewrite( default_referral, NULL, +- &op->o_req_dn, LDAP_SCOPE_DEFAULT ); +- } +- if ( p ) { +- mdb_entry_return( op, p ); +- p = NULL; +- } + +- rs->sr_err = LDAP_REFERRAL; +- rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; +- goto return_results; ++ rs->sr_err = LDAP_REFERRAL; ++ rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; ++ goto return_results; ++ } + } + + /* get entry */ +-- +GitLab diff --git a/add-test-log.patch b/add-test-log.patch new file mode 100644 index 0000000..49f5f63 --- /dev/null +++ b/add-test-log.patch @@ -0,0 +1,14 @@ +diff -urNp a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist +--- a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 ++++ b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist 2021-06-28 14:55:05.563974494 +0800 +@@ -50,8 +50,9 @@ sleep 1 + echo "Using ldapsearch to check that provider slapd is running..." + for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ +- 'objectclass=*' > /dev/null 2>&1 ++ 'objectclass=*' + RC=$? ++ echo "zhangrui: $RC" + if test $RC = 0 ; then + break + fi diff --git a/openldap.spec b/openldap.spec index 6fd22c8..e4890b8 100644 --- a/openldap.spec +++ b/openldap.spec 
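Review bot: In the backported mdb_delete() change, a delete of the suffix now skips both `dnParent()` and the parent `mdb_dn2entry()` lookup, so `p` and `pdn` keep whatever values they were given at declaration, which is outside this hunk. It is worth confirming against the 2.4.50 tree that `pdn` starts as an empty berval and `p` as NULL. Any later use of the parent after `/* get entry */` (for instance an access check on it, not visible here) should also test for that case, since it decides who may delete the context entry. A comment on the new `if`, such as `/* suffix has no parent: p stays NULL and pdn is not set */`, would make the invariant explicit for the next backport. The body of mdb_delete starts and ends outside the hunk.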
@@ -2,7 +2,7 @@ Name: openldap Version: 2.4.50 -Release: 7 +Release: 8 Summary: LDAP support libraries License: OpenLDAP URL: https://www.openldap.org/ @@ -62,6 +62,8 @@ Patch41: backport-Fix-test-suite.patch Patch42: backport-ITS-9010-regenerate-configure.patch Patch43: backport-ITS-9010-More-BDB-HDB-cleanup.patch Patch44: CVE-2021-27212.patch +Patch45: ITS-9531-back-mdb-fix-delete-of-context-entry.patch +Patch46: add-test-log.patch BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel @@ -172,6 +174,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch42 -p1 %patch43 -p1 %patch44 -p1 +%patch45 -p1 +%patch46 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd @@ -451,6 +455,12 @@ popd %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Mon Jun 28 2021 anonymous_z - 2.4.50-8 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:fix shutdown leak and context entry delete failed. + * Sat Feb 27 2021 orange-snn - 2.4.50-7 - fix CVE-2021-27212 -- Gitee From c56d4968300ecebe8619c073f1da7fe518f01526 Mon Sep 17 00:00:00 2001 From: anonymous_z Date: Mon, 28 Jun 2021 15:50:25 +0800 Subject: [PATCH 2/6] fix context entry delete failed. --- add-test-log.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/add-test-log.patch b/add-test-log.patch index 49f5f63..6087a69 100644 --- a/add-test-log.patch +++ b/add-test-log.patch 
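Review bot: `Patch46: add-test-log.patch` and `%patch46 -p1` make a debugging aid part of every build. As added in this commit, that patch only makes test018-syncreplication-persist print more output (including `echo "zhangrui: $RC"`) and is unrelated to the ITS#9531 fix carried by Patch45. Consider dropping it once the test failure is understood, or at least marking it in the spec with a comment such as `# debug only: surface test018 output in the build log`. The changelog DESC also says `fix shutdown leak`, but no patch for that is added here; the entry should describe only what this release actually changes.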
@@ -1,6 +1,6 @@ diff -urNp a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist ---- a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 -+++ b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist 2021-06-28 14:55:05.563974494 +0800 +--- a/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 ++++ b/tests/scripts/test018-syncreplication-persist 2021-06-28 14:55:05.563974494 +0800 @@ -50,8 +50,9 @@ sleep 1 echo "Using ldapsearch to check that provider slapd is running..." for i in 0 1 2 3 4 5; do -- Gitee From 9e6aec9622b95becc7a7ba8e45c90bfabf4834d0 Mon Sep 17 00:00:00 2001 From: anonymous_z Date: Mon, 28 Jun 2021 17:08:28 +0800 Subject: [PATCH 3/6] fix context entry delete failed. --- add-test-log.patch | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/add-test-log.patch b/add-test-log.patch index 6087a69..4f1b9f2 100644 --- a/add-test-log.patch +++ b/add-test-log.patch @@ -1,6 +1,6 @@ -diff -urNp a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist ---- a/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 -+++ b/tests/scripts/test018-syncreplication-persist 2021-06-28 14:55:05.563974494 +0800 +diff -urNp a/tests/scripts/test018-syncreplication-persist b/tests/scripts/test018-syncreplication-persist +--- a/tests/scripts/test018-syncreplication-persist 2021-06-28 17:07:36.572542178 +0800 ++++ b/tests/scripts/test018-syncreplication-persist 2021-06-28 17:01:42.717275034 +0800 @@ -50,8 +50,9 @@ sleep 1 echo "Using ldapsearch to check that provider slapd is running..." for i in 0 1 2 3 4 5; do 
@@ -12,3 +12,19 @@ diff -urNp a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist b/ope if test $RC = 0 ; then break fi +@@ -146,10 +147,13 @@ echo "Filtering consumer results..." + $LDIFFILTER < $SLAVEOUT > $SLAVEFLT + + echo "Comparing retrieved entries from provider and consumer..." +-$CMP $MASTERFLT $SLAVEFLT > $CMPOUT +- ++$CMP $MASTERFLT $SLAVEFLT ++res=$? ++echo "zhangrui : $res" + if test $res != 0 ; then + echo "test failed - provider and consumer databases differ" ++ echo "zhangrui: $KILLSERVERS" ++ echo "zhangrui: $KILLPIDS" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit 1 + fi -- Gitee From 324c9e29c456bc746f4a07dbc1909d8ae43d9949 Mon Sep 17 00:00:00 2001 From: anonymous_z Date: Mon, 28 Jun 2021 19:37:28 +0800 Subject: [PATCH 4/6] fix context entry delete failed. --- add-test-log.patch | 30 +++++++++--------------------- 1 file changed, 9 insertions(+), 21 deletions(-) diff --git a/add-test-log.patch b/add-test-log.patch index 4f1b9f2..85501e3 100644 --- a/add-test-log.patch +++ b/add-test-log.patch 
@@ -1,30 +1,18 @@ -diff -urNp a/tests/scripts/test018-syncreplication-persist b/tests/scripts/test018-syncreplication-persist ---- a/tests/scripts/test018-syncreplication-persist 2021-06-28 17:07:36.572542178 +0800 -+++ b/tests/scripts/test018-syncreplication-persist 2021-06-28 17:01:42.717275034 +0800 -@@ -50,8 +50,9 @@ sleep 1 - echo "Using ldapsearch to check that provider slapd is running..." - for i in 0 1 2 3 4 5; do - $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ -- 'objectclass=*' > /dev/null 2>&1 -+ 'objectclass=*' - RC=$? -+ echo "zhangrui: $RC" - if test $RC = 0 ; then - break - fi -@@ -146,10 +147,13 @@ echo "Filtering consumer results..." +diff -urNp a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist +--- a/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 ++++ b/tests/scripts/test018-syncreplication-persist 2021-06-28 19:36:30.676814075 +0800 +@@ -146,9 +146,12 @@ echo "Filtering consumer results..." $LDIFFILTER < $SLAVEOUT > $SLAVEFLT echo "Comparing retrieved entries from provider and consumer..." -$CMP $MASTERFLT $SLAVEFLT > $CMPOUT -- +$CMP $MASTERFLT $SLAVEFLT +res=$? -+echo "zhangrui : $res" - if test $res != 0 ; then ++echo "zr: $CMP $MASTERFLT $SLAVEFLT" ++echo "zr: $res" + +-if test $? != 0 ; then ++if test $res != 0 ; then echo "test failed - provider and consumer databases differ" -+ echo "zhangrui: $KILLSERVERS" -+ echo "zhangrui: $KILLPIDS" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 1 - fi -- Gitee From b6b59f66bbffb842a8957ebb92682141663e0183 Mon Sep 17 00:00:00 2001 From: anonymous_z Date: Mon, 28 Jun 2021 21:11:20 +0800 Subject: [PATCH 5/6] fix context entry delete failed. --- add-test-log.patch | 41 +++++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/add-test-log.patch b/add-test-log.patch index 85501e3..320ec30 100644 --- a/add-test-log.patch 
+++ b/add-test-log.patch 
@@ -1,18 +1,39 @@ diff -urNp a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist ---- a/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 -+++ b/tests/scripts/test018-syncreplication-persist 2021-06-28 19:36:30.676814075 +0800 -@@ -146,9 +146,12 @@ echo "Filtering consumer results..." +--- a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 ++++ b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist 2021-06-28 21:09:51.690952258 +0800 +@@ -146,7 +146,7 @@ echo "Filtering consumer results..." $LDIFFILTER < $SLAVEOUT > $SLAVEFLT echo "Comparing retrieved entries from provider and consumer..." -$CMP $MASTERFLT $SLAVEFLT > $CMPOUT +$CMP $MASTERFLT $SLAVEFLT -+res=$? -+echo "zr: $CMP $MASTERFLT $SLAVEFLT" -+echo "zr: $res" --if test $? != 0 ; then -+if test $res != 0 ; then + if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" +@@ -355,7 +355,7 @@ echo "Filtering consumer results..." + $LDIFFILTER < $SLAVEOUT > $SLAVEFLT + + echo "Comparing retrieved entries from provider and consumer..." +-$CMP $MASTERFLT $SLAVEFLT > $CMPOUT ++$CMP $MASTERFLT $SLAVEFLT + + if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" +@@ -452,7 +452,7 @@ echo "Filtering consumer results..." + $LDIFFILTER < $SLAVEOUT > $SLAVEFLT + + echo "Comparing retrieved entries from provider and consumer..." +-$CMP $MASTERFLT $SLAVEFLT > $CMPOUT ++$CMP $MASTERFLT $SLAVEFLT + + if test $? != 0 ; then + echo "test failed - provider and consumer databases differ" +@@ -531,7 +531,7 @@ echo "Filtering consumer results..." + $LDIFFILTER < $SLAVEOUT > $SLAVEFLT + + echo "Comparing retrieved entries from provider and consumer..." +-$CMP $MASTERFLT $SLAVEFLT > $CMPOUT ++$CMP $MASTERFLT $SLAVEFLT + + if test $? 
!= 0 ; then echo "test failed - provider and consumer databases differ" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit 1 -- Gitee From 6d157394b2be8dd1a9373ab7588f180ac4723ba8 Mon Sep 17 00:00:00 2001 From: anonymous_z Date: Mon, 28 Jun 2021 21:45:45 +0800 Subject: [PATCH 6/6] fix context entry delete failed. --- add-test-log.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/add-test-log.patch b/add-test-log.patch index 320ec30..b80c083 100644 --- a/add-test-log.patch +++ b/add-test-log.patch @@ -1,6 +1,6 @@ diff -urNp a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist ---- a/openldap-2.4.50/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 -+++ b/openldap-2.4.50/tests/scripts/test018-syncreplication-persist 2021-06-28 21:09:51.690952258 +0800 +--- a/tests/scripts/test018-syncreplication-persist 2020-04-28 22:05:54.000000000 +0800 ++++ b/tests/scripts/test018-syncreplication-persist 2021-06-28 21:09:51.690952258 +0800 @@ -146,7 +146,7 @@ echo "Filtering consumer results..." $LDIFFILTER < $SLAVEOUT > $SLAVEFLT -- Gitee
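Review bot: The four inner hunks drop `> $CMPOUT`, so the comparison output is no longer saved in the test directory, and anything that reads `$CMPOUT` after a failure (not visible here) would find it missing or stale. Keeping the redirect and printing the file in the failure branch would put the same information in the build log without losing the artifact: add `cat $CMPOUT` after `echo "test failed - provider and consumer databases differ"` in each of the four places. The patch file also has no description header; one line saying why the output is wanted would help whoever removes the patch later.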