diff --git a/0013_openldap-its9124_fix_crash_with_cancel_exop.patch b/0013_openldap-its9124_fix_crash_with_cancel_exop.patch
new file mode 100644
index 0000000..4bec781
--- /dev/null
+++ b/0013_openldap-its9124_fix_crash_with_cancel_exop.patch
@@ -0,0 +1,47 @@
+--- openldap-2.4.48.orig/servers/slapd/cancel.c 2019-07-23 16:46:22.000000000 +0200
++++ openldap-2.4.48/servers/slapd/cancel.c 2020-01-10 13:15:53.884714390 +0100
+@@ -2,7 +2,7 @@
+ /* $OpenLDAP$ */
+ /* This work is part of OpenLDAP Software .
+ *
+- * Copyright 1998-2019 The OpenLDAP Foundation.
++ * Copyright 1998-2020 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+@@ -34,7 +34,8 @@
+ Operation *o;
+ int rc;
+ int opid;
+- BerElement *ber;
++ BerElementBuffer berbuf;
++ BerElement *ber = (BerElement *)&berbuf;
+
+ assert( ber_bvcmp( &slap_EXOP_CANCEL, &op->ore_reqoid ) == 0 );
+
+@@ -43,19 +44,19 @@
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+- ber = ber_init( op->ore_reqdata );
+- if ( ber == NULL ) {
+- rs->sr_text = "internal error";
+- return LDAP_OTHER;
++ if ( op->ore_reqdata->bv_len == 0 ) {
++ rs->sr_text = "empty request data field";
++ return LDAP_PROTOCOL_ERROR;
+ }
+
++ /* ber_init2 uses reqdata directly, doesn't allocate new buffers */
++ ber_init2( ber, op->ore_reqdata, 0 );
++
+ if ( ber_scanf( ber, "{i}", &opid ) == LBER_ERROR ) {
+ rs->sr_text = "message ID parse failed";
+ return LDAP_PROTOCOL_ERROR;
+ }
+
+- (void) ber_free( ber, 1 );
+-
+ Statslog( LDAP_DEBUG_STATS, "%s CANCEL msg=%d\n",
+ op->o_log_prefix, opid, 0, 0, 0 );
+
diff --git a/openldap2.changes b/openldap2.changes
index 1d3c90f..aac63cd 100644
--- a/openldap2.changes
+++ b/openldap2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jan 10 13:16:40 UTC 2020 - Michael Ströder
+
+- added back-port patch
+ 0013_openldap-its9124_fix_crash_with_cancel_exop.patch
+ to fix OpenLDAP ITS#9124
+
-------------------------------------------------------------------
Sun Dec 22 14:44:19 UTC 2019 - Michael Ströder
diff --git a/openldap2.spec b/openldap2.spec
index 65b8cc4..423f8cf 100644
--- a/openldap2.spec
+++ b/openldap2.spec
@@ -63,6 +63,7 @@ Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch11: 0011-openldap-re24-its7796.patch
+Patch13: 0013_openldap-its9124_fix_crash_with_cancel_exop.patch
Patch15: openldap-r-only.dif
Patch16: 0016-Clear-shared-key-only-in-close-function.patch
Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
@@ -258,6 +259,7 @@ gzip -k %{S:203}
%patch8 -p1
%patch9 -p1
%patch11 -p1
+%patch13 -p1
%patch15 -p1
%patch16 -p1
cp %{SOURCE5} .