diff --git a/backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch b/backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c1af1a36d63676ad0af7cc96af24df5aa87a63c5
--- /dev/null
+++ b/backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch
@@ -0,0 +1,124 @@
+From 5f934c8c457ffe906c844ab2313943ae9b66bc46 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 27 Feb 2023 15:01:23 +0000
+Subject: [PATCH] ITS#10016: slapo-syncprov: fix Abandon with active qtask
+
+---
+ servers/slapd/overlays/syncprov.c | 42 ++++++++++++++++++++++++++-----
+ 1 file changed, 36 insertions(+), 6 deletions(-)
+
+diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
+index f62d6c63ea..44a6181410 100644
+--- a/servers/slapd/overlays/syncprov.c
++++ b/servers/slapd/overlays/syncprov.c
+@@ -871,6 +871,11 @@ static void free_resinfo( syncres *sr )
+ 
+ #define FS_UNLINK	1
+ #define FS_LOCK		2
++#define FS_DEFER	4
++
++#define FSR_NOTFREE	0
++#define FSR_DIDFREE	1
++#define FSR_CANFREE	2
+ 
+ static int
+ syncprov_free_syncop( syncops *so, int flags )
+@@ -881,12 +886,19 @@ syncprov_free_syncop( syncops *so, int flags )
+ 	if ( flags & FS_LOCK )
+ 		ldap_pvt_thread_mutex_lock( &so->s_mutex );
+ 	/* already being freed, or still in use */
+-	if ( !so->s_inuse || --so->s_inuse > 0 ) {
++	if ( !so->s_inuse || so->s_inuse > 1 ) {
+ 		if ( flags & FS_LOCK )
+ 			ldap_pvt_thread_mutex_unlock( &so->s_mutex );
+-		return 0;
++		if ( !( flags & FS_DEFER ) && so->s_inuse )
++			so->s_inuse--;
++		return FSR_NOTFREE;
+ 	}
+ 	ldap_pvt_thread_mutex_unlock( &so->s_mutex );
++
++	/* caller wants to cleanup other stuff before actual free */
++	if ( flags & FS_DEFER )
++		return FSR_CANFREE;
++
+ 	if (( flags & FS_UNLINK ) && so->s_si ) {
+ 		syncops **sop;
+ 		ldap_pvt_thread_mutex_lock( &so->s_si->si_ops_mutex );
+@@ -914,7 +926,7 @@ syncprov_free_syncop( syncops *so, int flags )
+ 	}
+ 	ldap_pvt_thread_mutex_destroy( &so->s_mutex );
+ 	ch_free( so );
+-	return 1;
++	return FSR_DIDFREE;
+ }
+ 
+ /* Send a persistent search response */
+@@ -1029,6 +1041,9 @@ syncprov_qplay( Operation *op, syncops *so )
+ 			} else {
+ 				rc = syncprov_sendresp( op, sr->s_info, so, sr->s_mode );
+ 			}
++		} else {
++			/* set rc so we don't do a new qstart */
++			rc = 1;
+ 		}
+ 
+ 		free_resinfo( sr );
+@@ -1055,6 +1070,9 @@ syncprov_qplay( Operation *op, syncops *so )
+ 	return rc;
+ }
+ 
++static int
++syncprov_drop_psearch( syncops *so, int lock );
++
+ /* task for playing back queued responses */
+ static void *
+ syncprov_qtask( void *ctx, void *arg )
+@@ -1063,7 +1081,7 @@ syncprov_qtask( void *ctx, void *arg )
+ 	OperationBuffer opbuf;
+ 	Operation *op;
+ 	BackendDB be;
+-	int rc;
++	int rc, flag, frc;
+ 
+ 	op = &opbuf.ob_op;
+ 	*op = *so->s_op;
+@@ -1092,14 +1110,24 @@ syncprov_qtask( void *ctx, void *arg )
+ 	if ( !rc && !so->s_res )
+ 		rc = 1;
+ 
++	flag = FS_UNLINK;
++	if ( rc && op->o_abandon )
++		flag = FS_DEFER;
++
+ 	/* decrement use count... */
+-	if ( !syncprov_free_syncop( so, FS_UNLINK )) {
++	frc = syncprov_free_syncop( so, flag );
++	if ( frc == FSR_NOTFREE ) {
+ 		if ( rc )
+ 			/* if we didn't unlink, and task is no longer queued, clear flag */
+ 			so->s_flags ^= PS_TASK_QUEUED;
+ 		ldap_pvt_thread_mutex_unlock( &so->s_mutex );
+ 	}
+ 
++	/* if we got abandoned while processing, cleanup now */
++	if ( frc == FSR_CANFREE ) {
++		syncprov_drop_psearch( so, 1 );
++	}
++
+ 	return NULL;
+ }
+ 
+@@ -1274,7 +1302,9 @@ syncprov_op_abandon( Operation *op, SlapReply *rs )
+ 				return SLAP_CB_CONTINUE;
+ 			}
+ 		}
+-		syncprov_drop_psearch( so, 0 );
++		/* if task is active, it must drop itself */
++		if ( !( so->s_flags & PS_TASK_QUEUED ))
++			syncprov_drop_psearch( so, 0 );
+ 	}
+ 	return SLAP_CB_CONTINUE;
+ }
+-- 
+GitLab
diff --git a/backport-ITS-10028-crash-with-pwdMinDelay.patch b/backport-ITS-10028-crash-with-pwdMinDelay.patch
new file mode 100644
index 0000000000000000000000000000000000000000..90587704dcd2286d33c3a4f8a8e47f882ad7200c
--- /dev/null
+++ b/backport-ITS-10028-crash-with-pwdMinDelay.patch
@@ -0,0 +1,27 @@
+From 0e409f49ec9a83d7259f9a671e85125d4d724144 Mon Sep 17 00:00:00 2001
+From: HAMANO Tsukasa <code@cuspy.org>
+Date: Fri, 24 Mar 2023 11:24:15 +0900
+Subject: [PATCH] ITS#10028 - crash with pwdMinDelay
+
+---
+ servers/slapd/overlays/ppolicy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
+index 0271dde6a7..d4032cc7d3 100644
+--- a/servers/slapd/overlays/ppolicy.c
++++ b/servers/slapd/overlays/ppolicy.c
+@@ -1868,7 +1868,8 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
+ 		} else if ( ppb->pp.pwdMinDelay ) {
+ 			int waittime = ppb->pp.pwdMinDelay << fc;
+ 			time_t wait_end;
+-			struct berval lockout_stamp;
++			char lockout_stamp_buf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
++			struct berval lockout_stamp = BER_BVC(lockout_stamp_buf);
+ 
+ 			if ( waittime > ppb->pp.pwdMaxDelay ) {
+ 				waittime = ppb->pp.pwdMaxDelay;
+-- 
+GitLab
+
+
diff --git a/backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch b/backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1a992246d23bfe13036339fc6afad7d51a86c516
--- /dev/null
+++ b/backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch
@@ -0,0 +1,24 @@
+From 818e2a5455bac1db029124b5aabc8b03415f917b Mon Sep 17 00:00:00 2001
+From: Ian Puleston <ipuleston@sonicwall.com>
+Date: Thu, 30 Mar 2023 13:04:50 -0700
+Subject: [PATCH] ITS#10035 Fix setting TLSv1.3 ciphersuite
+
+---
+ libraries/libldap/tls_o.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
+index 0a74ffa7f9..8f1d84efa1 100644
+--- a/libraries/libldap/tls_o.c
++++ b/libraries/libldap/tls_o.c
+@@ -335,7 +335,7 @@ tlso_ctx_cipher13( tlso_ctx *ctx, char *suites )
+ 				if ( !strncmp( ver, "TLSv", 4 ) && strncmp( ver+4, "1.3", 3 ) >= 0 ) {
+ 					if ( tls13_suites[0] )
+ 						ts = tlso_stecpy( ts, ":", te );
+-					ts = tlso_stecpy( ts, sname, te );
++					ts = tlso_stecpy( ts, nptr, te );
+ 				}
+ 			}
+ 		}
+-- 
+GitLab
diff --git a/openldap.spec b/openldap.spec
index f7128f301415ed8a7e50619ac4c0e1d49810a315..4feef263730a752aa55d2b715920d48433db5817 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -2,7 +2,7 @@
 
 Name:           openldap
 Version:        2.6.0
-Release:        5
+Release:        6
 Summary:        LDAP support libraries
 License:        OpenLDAP
 URL:            https://www.openldap.org/
@@ -66,6 +66,9 @@ Patch6035:      backport-ITS-9882-bind-fix-9863-commit-use-correct-op-backend.pa
 Patch6036:      backport-ITS-9898-tests-fix-slapd-addel-non-std-syntax.patch
 Patch6037:      backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
 Patch6038:      backport-ITS-9904-check-for-strdup-failure.patch
+Patch6039:      backport-ITS-10016-slapo-syncprov-fix-Abandon-with-active-qtask.patch
+Patch6040:      backport-ITS-10028-crash-with-pwdMinDelay.patch
+Patch6041:      backport-ITS-10035-Fix-setting-TLSv1.3-ciphersuite.patch    
 
 
 BuildRequires:  cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel
@@ -181,6 +184,9 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch6036 -p1
 %patch6037 -p1
 %patch6038 -p1
+%patch6039 -p1
+%patch6040 -p1
+%patch6041 -p1
 
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@@ -462,6 +468,12 @@ popd
 %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
 
 %changelog
+* Wed Aug 30 2023 zhujunhao <zhujunhao11@huawei.com> - 2.6.0-6
+- Type:bugfix
+- CVE:NA
+- SUG:restart
+- DESC:backport patch
+
 * Wed Jun 7 2023 zhujunhao <zhujunhao11@huawei.com> - 2.6.0-5
 - Type:cve
 - CVE:cve-2023-2953