From 83ce07ddd8100cc02e21646a2c0181e2b3215b4f Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Oct 24 2022 13:06:19 +0000
Subject: import 389-ds-base-1.3.10.2-17.el7_9


---

diff --git a/SOURCES/0039-Issue-5098-Multiple-issues-around-replication-and-CI.patch b/SOURCES/0039-Issue-5098-Multiple-issues-around-replication-and-CI.patch
new file mode 100644
index 0000000..09a808f
--- /dev/null
+++ b/SOURCES/0039-Issue-5098-Multiple-issues-around-replication-and-CI.patch
@@ -0,0 +1,26 @@
+From 5594c3dac2df8948d09f148a5a766db77a7b0952 Mon Sep 17 00:00:00 2001
+From: progier389 <progier@redhat.com>
+Date: Thu, 20 Jan 2022 12:22:28 +0100
+Subject: [PATCH 1/3] Issue 5098 - Multiple issues around replication and CI
+ test test_online_reinit_may_hang (#5109)
+
+---
+ ldap/servers/plugins/replication/repl5_replica.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
+index c1b3ed73c..253a3ef9f 100644
+--- a/ldap/servers/plugins/replication/repl5_replica.c
++++ b/ldap/servers/plugins/replication/repl5_replica.c
+@@ -1641,7 +1641,7 @@ replica_check_for_data_reload(Replica *r, void *arg __attribute__((unused)))
+             return -1;
+         }
+ 
+-        if (upper_bound_ruv) {
++        if (upper_bound_ruv && ruv_replica_count(upper_bound_ruv) > 0) {
+             ruv_obj = replica_get_ruv(r);
+             r_ruv = object_get_data(ruv_obj);
+             PR_ASSERT(r_ruv);
+-- 
+2.37.3
+
diff --git a/SOURCES/0040-Issue-5418-Sync_repl-may-crash-while-managing-invali.patch b/SOURCES/0040-Issue-5418-Sync_repl-may-crash-while-managing-invali.patch
new file mode 100644
index 0000000..4144f53
--- /dev/null
+++ b/SOURCES/0040-Issue-5418-Sync_repl-may-crash-while-managing-invali.patch
@@ -0,0 +1,38 @@
+From bd566957f85c889f13cd24f903c91c16c955acbd Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Thu, 18 Aug 2022 13:37:47 +0200
+Subject: [PATCH 2/3] Issue 5418 - Sync_repl may crash while managing invalid
+ cookie (#5420)
+
+Bug description:
+        If the servers receives an invalid cookie without separator '#',
+        it parses it into an empty cookie (Sync_Cookie) instead of a NULL
+        cookie (failure).
+        Later it sigsegv when using the empty cookie.
+
+Fix description:
+        If the parsing fails return NULL
+
+relates: #5418
+
+Reviewed by: Viktor Ashirov, Mark Reynolds, William Brown, Simon Pichugin (thanks !)
+---
+ ldap/servers/plugins/sync/sync_util.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
+index 8c2c42d0d..73f003921 100644
+--- a/ldap/servers/plugins/sync/sync_util.c
++++ b/ldap/servers/plugins/sync/sync_util.c
+@@ -546,6 +546,8 @@ sync_cookie_parse(char *cookie)
+         } else {
+             goto error_return;
+         }
++    } else {
++            goto error_return;
+     }
+     return (sc);
+ error_return:
+-- 
+2.37.3
+
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index 7a48f0c..153dc93 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -39,7 +39,7 @@
 Summary:          389 Directory Server (%{variant})
 Name:             389-ds-base
 Version:          1.3.10.2
-Release:          %{?relprefix}16%{?prerel}%{?dist}
+Release:          %{?relprefix}17%{?prerel}%{?dist}
 License:          GPLv3+
 URL:              https://www.port389.org/
 Group:            System Environment/Daemons
@@ -184,6 +184,9 @@ Patch35:          0035-Issue-5242-Craft-message-may-crash-the-server-5243.patch
 Patch36:          0036-Issue-4956-Automember-allows-invalid-regex-and-does-.patch
 Patch37:          0037-Issue-5155-RFE-Provide-an-option-to-abort-an-Auto-Me.patch
 Patch38:          0038-Issue-5221-User-with-expired-password-can-still-logi.patch
+Patch39:          0039-Issue-5098-Multiple-issues-around-replication-and-CI.patch
+Patch40:          0040-Issue-5418-Sync_repl-may-crash-while-managing-invali.patch
+
 
 %description
 389 Directory Server is an LDAPv3 compliant server.  The base package includes
@@ -537,6 +540,11 @@ fi
 %{_sysconfdir}/%{pkgname}/dirsrvtests
 
 %changelog
+* Fri Sep 30 2022 Mark Reynolds <mreynolds@redhat.com> - 1.3.10-2-17
+- Bump version to 1.3.10.2-17
+- Resolves: Bug 2113056 - Import may break replication because changelog starting csn may not be created
+- Resolves: Bug 2131083 - SIGSEGV in sync_repl 
+
 * Tue Jun 07 2022 Thierry Bordaz <tbordaz@redhat.com> - 1.3.10.2-16
 - Bump version to 1.3.10.2-16
 - Resolves: Bug 2077395 - CVE-2022-0918 389-ds:1.4/389-ds-base: sending crafted message could result in DoS