diff --git a/openldap2-client.changes b/openldap2-client.changes
index 75e1cdf..81e17b8 100644
--- a/openldap2-client.changes
+++ b/openldap2-client.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Fri Sep 12 10:09:28 CEST 2008 - rhafer@suse.de
+
+- Backported fix for a crash in back-config when adding entries with
+  a too large index (ITS#5684)
+- Backported fix for a crash when adding an invalid olcBdbConfig
+  Entry to back-config (ITS#5698)
+
+-------------------------------------------------------------------
+Tue Sep  9 17:22:18 CEST 2008 - rhafer@suse.de
+
+- Removed getaddrinfo workaround. Recent glibc doesn't need it 
+  anymore (bnc#288879, ITS#5251)
+- Server requires libldap of the same version.
+
+-------------------------------------------------------------------
+Mon Sep  8 16:07:47 CEST 2008 - rhafer@suse.de
+
+- Import back-config support for deleting databases from CVS HEAD 
+
 -------------------------------------------------------------------
 Tue Sep  2 09:18:05 CEST 2008 - rhafer@suse.de
 
diff --git a/openldap2-client.spec b/openldap2-client.spec
index 51cc1bb..bc5e352 100644
--- a/openldap2-client.spec
+++ b/openldap2-client.spec
@@ -26,6 +26,8 @@ BuildRequires:  -pwdutils
 %if %sles_version == 10
 BuildRequires:  -db-devel -pwdutils libdb-4_5-devel
 %endif
+Version:        2.4.11
+Release:        26
 Url:            http://www.openldap.org
 License:        BSD 3-Clause
 %if "%{name}" == "openldap2"
@@ -33,6 +35,7 @@ Group:          Productivity/Networking/LDAP/Clients
 Provides:       ldap2 openldap2-back-ldap openldap2-back-monitor
 Obsoletes:      openldap2-back-ldap openldap2-back-monitor
 Conflicts:      openldap
+Requires:       libldap-2_4-2 = %{version}
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
 Summary:        OpenLDAP Client Utilities
 %else
@@ -41,8 +44,6 @@ Conflicts:      openldap-client
 Summary:        OpenLDAP Client Utilities
 %endif
 AutoReqProv:    on
-Version:        2.4.11
-Release:        21
 Source:         openldap-%{version}.tar.bz2
 Source1:        openldap-rc.tgz
 Source2:        addonschema.tar.gz
@@ -57,9 +58,11 @@ Patch3:         ldap_conf.dif
 Patch4:         ldapi_url.dif
 Patch6:         libldap-gethostbyname_r.dif
 Patch7:         pie-compile.dif
-Patch8:         slapd_getaddrinfo_dupl.dif
 Patch9:         openldap2-add-gnu-source.diff
 Patch10:        slapd-overlay_register_control.dif
+Patch11:        slapd-bconfig-del-db.dif
+Patch12:        slapd-bconfig-adjust-idx.dif
+Patch13:        slapd-bdb-stop-checkpoint.dif
 Patch100:       openldap-2.3.37.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -159,9 +162,11 @@ Authors:
 %if %suse_version > 920
 %patch7
 %endif
-%patch8 -p1
 %patch9 -p1
 %patch10
+%patch11
+%patch12
+%patch13
 cp %{SOURCE5} .
 cd ../openldap-2.3.37
 %patch100
@@ -487,6 +492,17 @@ fi
 %endif
 
 %changelog
+* Fri Sep 12 2008 rhafer@suse.de
+- Backported fix for a crash in back-config when adding entries with
+  a too large index (ITS#5684)
+- Backported fix for a crash when adding an invalid olcBdbConfig
+  Entry to back-config (ITS#5698)
+* Tue Sep 09 2008 rhafer@suse.de
+- Removed getaddrinfo workaround. Recent glibc doesn't need it
+  anymore (bnc#288879, ITS#5251)
+- Server requires libldap of the same version.
+* Mon Sep 08 2008 rhafer@suse.de
+- Import back-config support for deleting databases from CVS HEAD
 * Tue Sep 02 2008 rhafer@suse.de
 - Dropped evolution specific ntlm-bind Patch (Fate#303480)
 * Thu Aug 28 2008 rhafer@suse.de
diff --git a/openldap2.changes b/openldap2.changes
index 75e1cdf..81e17b8 100644
--- a/openldap2.changes
+++ b/openldap2.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Fri Sep 12 10:09:28 CEST 2008 - rhafer@suse.de
+
+- Backported fix for a crash in back-config when adding entries with
+  a too large index (ITS#5684)
+- Backported fix for a crash when adding an invalid olcBdbConfig
+  Entry to back-config (ITS#5698)
+
+-------------------------------------------------------------------
+Tue Sep  9 17:22:18 CEST 2008 - rhafer@suse.de
+
+- Removed getaddrinfo workaround. Recent glibc doesn't need it 
+  anymore (bnc#288879, ITS#5251)
+- Server requires libldap of the same version.
+
+-------------------------------------------------------------------
+Mon Sep  8 16:07:47 CEST 2008 - rhafer@suse.de
+
+- Import back-config support for deleting databases from CVS HEAD 
+
 -------------------------------------------------------------------
 Tue Sep  2 09:18:05 CEST 2008 - rhafer@suse.de
 
diff --git a/openldap2.spec b/openldap2.spec
index f227359..adceabc 100644
--- a/openldap2.spec
+++ b/openldap2.spec
@@ -26,6 +26,8 @@ BuildRequires:  -pwdutils
 %if %sles_version == 10
 BuildRequires:  -db-devel -pwdutils libdb-4_5-devel
 %endif
+Version:        2.4.11
+Release:        24
 Url:            http://www.openldap.org
 License:        BSD 3-Clause; openldap 2.8
 %if "%{name}" == "openldap2"
@@ -33,6 +35,7 @@ Group:          Productivity/Networking/LDAP/Servers
 Provides:       ldap2 openldap2-back-ldap openldap2-back-monitor
 Obsoletes:      openldap2-back-ldap openldap2-back-monitor
 Conflicts:      openldap
+Requires:       libldap-2_4-2 = %{version}
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
 Summary:        The OpenLDAP Server
 %else
@@ -41,8 +44,6 @@ Conflicts:      openldap-client
 Summary:        The OpenLDAP Server
 %endif
 AutoReqProv:    on
-Version:        2.4.11
-Release:        20
 Source:         openldap-%{version}.tar.bz2
 Source1:        openldap-rc.tgz
 Source2:        addonschema.tar.gz
@@ -57,9 +58,11 @@ Patch3:         ldap_conf.dif
 Patch4:         ldapi_url.dif
 Patch6:         libldap-gethostbyname_r.dif
 Patch7:         pie-compile.dif
-Patch8:         slapd_getaddrinfo_dupl.dif
 Patch9:         openldap2-add-gnu-source.diff
 Patch10:        slapd-overlay_register_control.dif
+Patch11:        slapd-bconfig-del-db.dif
+Patch12:        slapd-bconfig-adjust-idx.dif
+Patch13:        slapd-bdb-stop-checkpoint.dif
 Patch100:       openldap-2.3.37.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -162,9 +165,11 @@ Authors:
 %if %suse_version > 920
 %patch7
 %endif
-%patch8 -p1
 %patch9 -p1
 %patch10
+%patch11
+%patch12
+%patch13
 cp %{SOURCE5} .
 cd ../openldap-2.3.37
 %patch100
@@ -490,6 +495,17 @@ fi
 %endif
 
 %changelog
+* Fri Sep 12 2008 rhafer@suse.de
+- Backported fix for a crash in back-config when adding entries with
+  a too large index (ITS#5684)
+- Backported fix for a crash when adding an invalid olcBdbConfig
+  Entry to back-config (ITS#5698)
+* Tue Sep 09 2008 rhafer@suse.de
+- Removed getaddrinfo workaround. Recent glibc doesn't need it
+  anymore (bnc#288879, ITS#5251)
+- Server requires libldap of the same version.
+* Mon Sep 08 2008 rhafer@suse.de
+- Import back-config support for deleting databases from CVS HEAD
 * Tue Sep 02 2008 rhafer@suse.de
 - Dropped evolution specific ntlm-bind Patch (Fate#303480)
 * Thu Aug 28 2008 rhafer@suse.de
diff --git a/slapd-bconfig-adjust-idx.dif b/slapd-bconfig-adjust-idx.dif
new file mode 100644
index 0000000..c4ca1e0
--- /dev/null
+++ b/slapd-bconfig-adjust-idx.dif
@@ -0,0 +1,17 @@
+Index: servers/slapd/bconfig.c
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/bconfig.c,v
+retrieving revision 1.341
+retrieving revision 1.342
+diff -u -r1.341 -r1.342
+--- servers/slapd/bconfig.c	30 Jun 2008 21:16:02 -0000	1.341
++++ servers/slapd/bconfig.c	4 Sep 2008 11:56:31 -0000	1.342
+@@ -3881,7 +3881,7 @@
+ 		if ( isconfig && index == -1 ) {
+ 			index = 0;
+ 		}
+-		if ( !isfrontend && index == -1 ) {
++		if (( !isfrontend && index == -1 ) || ( index > nsibs ) ){
+ 			index = nsibs;
+ 		}
+ 
diff --git a/slapd-bconfig-del-db.dif b/slapd-bconfig-del-db.dif
new file mode 100644
index 0000000..1a7cf97
--- /dev/null
+++ b/slapd-bconfig-del-db.dif
@@ -0,0 +1,49 @@
+Index: servers/slapd/bconfig.c
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/bconfig.c,v
+retrieving revision 1.342
+retrieving revision 1.344
+diff -u -r1.342 -r1.344
+--- servers/slapd/bconfig.c	4 Sep 2008 11:56:31 -0000	1.342
++++ servers/slapd/bconfig.c	4 Sep 2008 15:12:07 -0000	1.344
+@@ -5245,15 +5245,28 @@
+ 		if ( last )
+ 			rs->sr_matched = last->ce_entry->e_name.bv_val;
+ 		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+-	} if ( ce->ce_kids ) {
++	} else if ( ce->ce_kids ) {
+ 		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+-	} else if ( ce->ce_type == Cft_Overlay ){
++	} else if ( ce->ce_type == Cft_Overlay || ce->ce_type == Cft_Database ){
+ 		char *iptr;
+ 		int count, ixold, rc;
+ 
+ 		ldap_pvt_thread_pool_pause( &connection_pool );
+-		
+-		overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi );
++
++		if ( ce->ce_type == Cft_Overlay ){
++			overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi );
++		} else { /* Cft_Database*/
++			if ( ce->ce_be == frontendDB || ce->ce_be == op->o_bd ){
++				rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
++				rs->sr_text = "Cannot delete config or frontend database";
++				ldap_pvt_thread_pool_resume( &connection_pool );
++				goto out;
++			} 
++			if ( ce->ce_be->bd_info->bi_db_close ) {
++				ce->ce_be->bd_info->bi_db_close( ce->ce_be, NULL );
++			}
++			backend_destroy_one( ce->ce_be, 1);
++		}
+ 
+ 		/* remove CfEntryInfo from the siblings list */
+ 		if ( ce->ce_parent->ce_kids == ce ) {
+@@ -5315,6 +5328,7 @@
+ #else
+ 	rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ #endif /* SLAP_CONFIG_DELETE */
++out:
+ 	send_ldap_result( op, rs );
+ 	return rs->sr_err;
+ }
diff --git a/slapd-bdb-stop-checkpoint.dif b/slapd-bdb-stop-checkpoint.dif
new file mode 100644
index 0000000..5d5bcf1
--- /dev/null
+++ b/slapd-bdb-stop-checkpoint.dif
@@ -0,0 +1,26 @@
+Index: servers/slapd/back-bdb/init.c
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/init.c,v
+retrieving revision 1.293
+retrieving revision 1.294
+diff -u -r1.293 -r1.294
+--- servers/slapd/back-bdb/init.c	27 Aug 2008 20:28:16 -0000	1.293
++++ servers/slapd/back-bdb/init.c	12 Sep 2008 07:53:40 -0000	1.294
+@@ -640,6 +640,17 @@
+ {
+ 	struct bdb_info *bdb = (struct bdb_info *) be->be_private;
+ 
++	/* stop and remove checkpoint task */
++	if ( bdb->bi_txn_cp_task ) {
++		struct re_s *re = bdb->bi_txn_cp_task;
++		bdb->bi_txn_cp_task = NULL;
++		ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
++		if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ) )
++			ldap_pvt_runqueue_stoptask( &slapd_rq, re );
++		ldap_pvt_runqueue_remove( &slapd_rq, re );
++		ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
++	}
++
+ 	/* monitor handling */
+ 	(void)bdb_monitor_db_destroy( be );
+ 
diff --git a/slapd_getaddrinfo_dupl.dif b/slapd_getaddrinfo_dupl.dif
deleted file mode 100644
index 6b9591b..0000000
--- a/slapd_getaddrinfo_dupl.dif
+++ /dev/null
@@ -1,102 +0,0 @@
-Index: openldap-2.4.7/servers/slapd/daemon.c
-===================================================================
---- openldap-2.4.7.orig/servers/slapd/daemon.c
-+++ openldap-2.4.7/servers/slapd/daemon.c
-@@ -1120,7 +1120,8 @@ slap_get_listener_addresses(
- 	{
- #ifdef HAVE_GETADDRINFO
- 		struct addrinfo hints, *res, *sai;
--		int n, err;
-+		struct sockaddr **sap2;
-+		int n, err, cmpres;
- 		char serv[7];
- 
- 		memset( &hints, '\0', sizeof(hints) );
-@@ -1146,43 +1147,60 @@ slap_get_listener_addresses(
- 		*sap = NULL;
- 
- 		for ( sai=res; sai; sai=sai->ai_next ) {
-+			cmpres=1;
- 			if( sai->ai_addr == NULL ) {
- 				Debug( LDAP_DEBUG_ANY, "slap_get_listener_addresses: "
- 					"getaddrinfo ai_addr is NULL?\n", 0, 0, 0 );
- 				freeaddrinfo(res);
- 				goto errexit;
- 			}
--
--			switch (sai->ai_family) {
--#  ifdef LDAP_PF_INET6
--			case AF_INET6:
--				*sap = ch_malloc(sizeof(struct sockaddr_in6));
--				if (*sap == NULL) {
--					freeaddrinfo(res);
--					goto errexit;
-+			/* check for duplicates */
-+			for ( sap2 = *sal; sap && *sap2; sap2++ ){
-+				if ( sai->ai_family == (*sap2)->sa_family ) {
-+					if (sai->ai_family == AF_INET6) {
-+						cmpres = memcmp(sai->ai_addr, *sap2, 
-+								sizeof(struct sockaddr_in6));
-+					} else if (sai->ai_family == AF_INET) {
-+						cmpres = memcmp(sai->ai_addr, *sap2, 
-+								sizeof(struct sockaddr_in));
-+					}
-+					if (! cmpres ){
-+						break;
-+					}
- 				}
--				*(struct sockaddr_in6 *)*sap =
--					*((struct sockaddr_in6 *)sai->ai_addr);
--				break;
-+			}
-+			if (cmpres){
-+				switch (sai->ai_family) {
-+#  ifdef LDAP_PF_INET6
-+				case AF_INET6:
-+					*sap = ch_malloc(sizeof(struct sockaddr_in6));
-+					if (*sap == NULL) {
-+						freeaddrinfo(res);
-+						goto errexit;
-+					}
-+					*(struct sockaddr_in6 *)*sap =
-+						*((struct sockaddr_in6 *)sai->ai_addr);
-+					break;
- #  endif /* LDAP_PF_INET6 */
--			case AF_INET:
--				*sap = ch_malloc(sizeof(struct sockaddr_in));
--				if (*sap == NULL) {
--					freeaddrinfo(res);
--					goto errexit;
-+				case AF_INET:
-+					*sap = ch_malloc(sizeof(struct sockaddr_in));
-+					if (*sap == NULL) {
-+						freeaddrinfo(res);
-+						goto errexit;
-+					}
-+					*(struct sockaddr_in *)*sap =
-+						*((struct sockaddr_in *)sai->ai_addr);
-+					break;
-+				default:
-+					*sap = NULL;
-+					break;
- 				}
--				*(struct sockaddr_in *)*sap =
--					*((struct sockaddr_in *)sai->ai_addr);
--				break;
--			default:
--				*sap = NULL;
--				break;
--			}
- 
--			if (*sap != NULL) {
--				(*sap)->sa_family = sai->ai_family;
--				sap++;
--				*sap = NULL;
-+				if (*sap != NULL) {
-+					(*sap)->sa_family = sai->ai_family;
-+					sap++;
-+					*sap = NULL;
-+				}
- 			}
- 		}
-